TP-LINK WDR4300 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8396


A TP-Link router was identified on the network. N750 Wireless Dual Band Gigabit Router (TL-WDR4300) is running outdated firmware.


Firmware version 140916 is vulnerable to the following issues:

- Stored cross-site scripting via injecting javascript code into the DHCP hostname field, which will execute when the administrator visits the DHCP clients panel.

- A denial of service vulnerability that can be triggered when sending an extra overly long HTTP header field to the device's web server.


The vendor has released a patch for this vulnerability, available on their website. Update your firmware to Build 140916.

See Also

Plugin Details

Severity: High

ID: 8396

File Name: 8396.prm

Family: Generic

Published: 2014/10/01

Modified: 2016/09/12

Dependencies: 1442

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.6


Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:tp-link:tl-wdr4300

Patch Publication Date: 2014/09/22

Vulnerability Publication Date: 2014/09/22

Reference Information

CVE: CVE-2014-4727

BID: 70037