XSS Vuln - TP-LINK TL-WR740N

vendor:

TL-WR740N

by:

bl00dy

7,5

CVSS

HIGH

Cross-site scripting (XSS)

CWE

Product Name: TL-WR740N

Affected Version From: 3.17.0 Build 140520 Rel.75075n

Affected Version To: 3.17.0 Build 140520 Rel.75075n

Patch Exists: NO

Related CWE: N/A

CPE: h:tp-link:tl-wr740n

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 8.1

2017

XSS Vuln – TP-LINK TL-WR740N

A Cross-site scripting (XSS) vulnerability exists in TP-LINK TL-WR740N. An attacker can exploit this vulnerability by entering malicious code in the Description field of the Wireless MAC Filtering tab, which will be executed when the page is loaded.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

# Exploit Title: XSS Vuln - TP-LINK TL-WR740N
# Date: 15/11/2017
# Exploit Author: bl00dy
# Vendor Homepage: http://www.tp-link.com <http://www.tp-link.com.br/>
# Version: TP-LINK TL-WR740N - 3.17.0 Build 140520 Rel.75075n
# Tested on: Windows 8.1

Cross-site scripting (XSS) in TP-LINK TL-WR740N

______________________________________________________

Proof of Concept:

1. Go to your wireless router ip (ex. 192.168.0.1)

2. Go to Wireless and -Wireless MAC Filtering- tab

3. Click Add new button

5.Write random MAC Address and in -Description- write (<h1>XSS by
bl00dy</h1>)

6.Click save and you will see XSS in Wireless MAC Filtering tab
______________________________________________________