Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28776
HistoryNov 26, 2012 - 12:00 a.m.

FW: =| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |=

2012-11-2600:00:00
vulners.com
31
JSON

=| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |=

Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK"
Firmware Version: 3.13.9 Build 120201 Rel.54965n and Below
Discovered Date: 17/11/2012
Author: Matan Azugi [[email protected]]
Product Vendor: http://www.tp-link.com/en/products/details/?model=TL-WR841N

Details:

TP-LINK TL-WR841N Wireless Router is prone to Cross Site Scripting
Vulnerability.
The vulnerability exists in Web-Based Management.
Remote authenticated administrators may inject arbitrary JavaScript or HTML
via the username parameter or via pwd parameter to exploit Stored Cross Site
Scripting condition.
Exploitation URL:

http://192.168.0.1/userRpm/NoipDdnsRpm.htm?provider=3&username=a1234</script
> <script>alert(1)</script>12aaa34f5be&pwd=password&cliUrl=&Save=Save
2.
http://192.168.0.1/userRpm/NoipDdnsRpm.htm?provider=3&amp;username=1234&amp;pwd=a123
4</script><script>alert(1)</script>12aaa34f5be&cliUrl=&Save=Save

Successful exploitation allows the attacker to steal user information and
may allow the attacker to take full control over the user Browser.

JSON