[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Stored XSS Vulnerability on TP-Link Archer VR300 v1

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Stored XSS Vulnerability on TP-Link Archer VR300 v1
From: okan coskun <okancoskun2@xxxxxxxxx>
Date: Thu, 14 Nov 2019 22:24:08 +0300

I. VULNERABILITY
-------------------------
Stored XSS Vulnerability on TP-Link Archer VR300 v1 - firmware
version: 1.3.0 0.8.0 v007b.1 build 180905 Rel.55344n

II. CVE REFERENCE
-------------------------
-

III. VENDOR
-------------------------
https://www.tp-link.com/

IV. TIMELINE
-------------------------
04/10/2018 Vulnerability discovered
05/10/2018 Vendor contacted
no Response

V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S.
Halil Arı From Biznet Bilisim A.S

VI. DESCRIPTION
-------------------------
Tp-Link Router interface is affected by stored XSS vulnerability. A
remote attacker could steal victims cookie or redirect victim to
malicious site.

VII. PROOF OF CONCEPT
-------------------------
Affected Component: VPN Name
Path(inurl): /cgi?3
Affected parameter: connName

On TP-Link Router Interface adding VPN configurations with malicious
VPN Name could execute arbitrary javascript.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] WordPress Plugin Social Photo Gallery 1.0 - Remote Code Execution
Next by Date: [FD] Raritan CommandCenter Secure Gateway XML External Entity < 8.0
Previous by thread: [FD] WordPress Plugin Social Photo Gallery 1.0 - Remote Code Execution
Next by thread: [FD] Raritan CommandCenter Secure Gateway XML External Entity < 8.0
Index(es):
- Date
- Thread