vendor:
TC7337
by:
Anonymous
8,8
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: TC7337
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
XSS through SSID in Technicolor TC7337
This exploit allows an attacker to inject malicious JavaScript code into the SSID of a Technicolor TC7337 router. The code is then executed when the router's wlscanresults.html page is accessed. The code can be used to extract the router's admin login and password, as well as the Wi-Fi passphrase, and send them to an attacker-controlled server. It can also be used to execute a Cross-Site Request Forgery (CSRF) attack to reboot the router.
Mitigation:
To mitigate this vulnerability, users should ensure that their router's SSID does not contain any malicious code.
