header-logo
Suggest Exploit
vendor:
TL-WR740N
by:
Shujaat Amin (ZEROXINN)
4.1
CVSS
MEDIUM
HTML Injection
79
CWE
Product Name: TL-WR740N
Affected Version From: 3.12.11 Build 110915
Affected Version To: 3.12.11 Build 110915
Patch Exists: NO
Related CWE: CVE-2023-XXXX (Example CVE)
CPE: h:tp-link:tl-wr740n:3.12.11
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
2023

TP-LINK TL-WR740N – Multiple HTML Injection Vulnerabilities

The TP-LINK TL-WR740N router with version 3.12.11 Build 110915 Rel.40896n is vulnerable to multiple HTML injection issues. An attacker can inject malicious HTML code into the Target Description box under Access control settings, leading to potential cross-site scripting (XSS) attacks.

Mitigation:

To mitigate this vulnerability, users should avoid inputting any HTML code in the Target Description box. Additionally, it is recommended to update the router firmware to the latest version provided by the vendor.
Source

Exploit-DB raw data:

# Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities
# Date: 25/9/2023
# Exploit Author: Shujaat Amin (ZEROXINN)
# Vendor Homepage: http://www.tp-link.com 
# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n
# Tested on: Windows 10

---------------------------POC-----------------------------

1) Go to your routers IP (192.168.0.1)

2) Go to Access control --> Target,rule

3) Click on add new 

5) Type <h1>Hello<h1> in Target Description box

6) Click on Save, and now you can see html injection on the webpage

Navigation

Suggest Exploit

Services By CQR