header-logo
Suggest Exploit
vendor:
TL-WR740N
by:
Shujaat Amin (ZEROXINN)
4.1
CVSS
MEDIUM
HTML Injection
79
CWE
Product Name: TL-WR740N
Affected Version From: 3.12.11
Affected Version To: 3.12.11
Patch Exists: NO
Related CWE: CVE-2023-XXXX
CPE: h:tp-link:tl-wr740n_firmware:3.12.11
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
2023

TP-LINK TL-WR740N – Multiple HTML Injection Vulnerabilities

The TP-LINK TL-WR740N router version 3.12.11 Build 110915 Rel.40896n is vulnerable to multiple HTML injection issues. By inserting HTML code like <h1>Hello<h1> into the Target Description box under Access control settings, an attacker can inject arbitrary HTML code into the webpage.

Mitigation:

To mitigate this vulnerability, users should avoid inputting any untrusted HTML code into the router settings. Regularly update the router firmware to the latest version provided by the vendor.
Source

Exploit-DB raw data:

# Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities
# Date: 25/9/2023
# Exploit Author: Shujaat Amin (ZEROXINN)
# Vendor Homepage: http://www.tp-link.com 
# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n
# Tested on: Windows 10

---------------------------POC-----------------------------

1) Go to your routers IP (192.168.0.1)

2) Go to Access control --> Target,rule

3) Click on add new 

5) Type <h1>Hello<h1> in Target Description box

6) Click on Save, and now you can see html injection on the webpage

Navigation

Suggest Exploit

Services By CQR