I. VULNERABILITY ------------------------- Stored XSS Vulnerability on TP-Link Archer VR300 v1 - firmware version: 1.3.0 0.8.0 v007b.1 build 180905 Rel.55344n
II. CVE REFERENCE ------------------------- - III. VENDOR ------------------------- https://www.tp-link.com/ IV. TIMELINE ------------------------- 04/10/2018 Vulnerability discovered 05/10/2018 Vendor contacted no Response V. CREDIT ------------------------- Okan Coşkun from Biznet Bilisim A.S. Halil Arı From Biznet Bilisim A.S VI. DESCRIPTION ------------------------- Tp-Link Router interface is affected by stored XSS vulnerability. A remote attacker could steal victims cookie or redirect victim to malicious site. VII. PROOF OF CONCEPT ------------------------- Affected Component: VPN Name Path(inurl): /cgi?3 Affected parameter: connName On TP-Link Router Interface adding VPN configurations with malicious VPN Name could execute arbitrary javascript. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/