TP-Link Archer VR300 1 Cross Site Scripting

TP-Link Archer VR300 version 1 suffers from a persistent cross site scripting vulnerability.


MD5 | d679321fdc207a974641a756b1e35bb0

I. VULNERABILITY
-------------------------
Stored XSS Vulnerability on TP-Link Archer VR300 v1 - firmware
version: 1.3.0 0.8.0 v007b.1 build 180905 Rel.55344n

II. CVE REFERENCE
-------------------------
-

III. VENDOR
-------------------------
https://www.tp-link.com/

IV. TIMELINE
-------------------------
04/10/2018 Vulnerability discovered
05/10/2018 Vendor contacted
no Response

V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S.
Halil Arı From Biznet Bilisim A.S

VI. DESCRIPTION
-------------------------
Tp-Link Router interface is affected by stored XSS vulnerability. A
remote attacker could steal victims cookie or redirect victim to
malicious site.

VII. PROOF OF CONCEPT
-------------------------
Affected Component: VPN Name
Path(inurl): /cgi?3
Affected parameter: connName

On TP-Link Router Interface adding VPN configurations with malicious
VPN Name could execute arbitrary javascript.



Related Posts