TP-Link Archer C1200 Cross Site Scripting

TP-Link Archer C1200 suffers from a cross site scripting vulnerability.

MD5 | 49bd46588e1bbff2559d1240c27c9f34

[+] Unauthenticated

[+] Author: Usman Saeed (usman [at]

[+] Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU

[A*] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.

[A*] Reason: The remote webserver does not filter special characters or illegal input.

[+] Attack type: Remote

[+] Patch Status: Unpatched

[+] Exploitation:

[!] The Cross-site scripting vector can be executed, as illustrated below

http://hostname/webpages/data/_._.<img src=a onerror=alert(aReflected-XSSa)>../..%2f

Related Posts