Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting

vendor:

AC5 AC1200 Wireless Router

by:

Chiragh Arora

6.1

CVSS

MEDIUM

Stored Cross Site Scripting

CWE

Product Name: AC5 AC1200 Wireless Router

Affected Version From: V15.03.06.47_multi

Affected Version To: Unknown

Patch Exists: NO

Related CWE: CVE-2021-3186

CPE: h:tenda:ac5_ac1200_firmware:v15.03.06.47_multi

Metasploit:

Other Scripts:

Platforms Tested: Kali Linux

2021

Tenda AC5 AC1200 Wireless – ‘WiFi Name & Password’ Stored Cross Site Scripting

The Tenda AC5 AC1200 wireless router is vulnerable to stored cross site scripting. An attacker can manipulate the WiFi Name parameter with a malicious script, causing it to be executed when the page is refreshed.

Mitigation:

Upgrade to a patched version of the firmware or disable remote access to the router.

Source

Exploit-DB raw data:

# Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
# Exploit Author: Chiragh Arora
# Hardware Model: Tenda AC5 AC1200
# Firmware version: V15.03.06.47_multi
# Tested on: Kali Linux
# CVE ID: CVE-2021-3186
# Date: 25.01.2021

##########################################################################

Steps to Reproduce -

   - Navigate to the Tenda AC1200 gateway with 192.168.0.1 
   - Follow up to the WiFi Settings and click the “WiFi Name & Password” option there.
   - Manipulate the WiFi Name with "<script>alert(1)</script>"
   - Click the “Save” button & as the page refresh, you’ll got an alert stating “1” within it.
   
Note: It doesn’t matter which Network Name parameter (2.4 GHz or 5 GHz) you’re manipulating, you’ll encounter the popup over in both of them.