[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Tenda AC5 AC1200 Wireless - (WiFi Name & Password) Stored Cross Site Scripting Vulnerability

Author
Chiragh Arora
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-35733
Category
web applications
Date add
26-01-2021
CVE
CVE-2021-3186
Platform
hardware
# Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
# Exploit Author: Chiragh Arora
# Hardware Model: Tenda AC5 AC1200
# Firmware version: V15.03.06.47_multi
# Tested on: Kali Linux
# CVE ID: CVE-2021-3186

##########################################################################

Steps to Reproduce -

   - Navigate to the Tenda AC1200 gateway with 192.168.0.1 
   - Follow up to the WiFi Settings and click the “WiFi Name & Password” option there.
   - Manipulate the WiFi Name with "<script>alert(1)</script>"
   - Click the “Save” button & as the page refresh, you’ll got an alert stating “1” within it.
   
Note: It doesn’t matter which Network Name parameter (2.4 GHz or 5 GHz) you’re manipulating, you’ll encounter the popup over in both of them.


#  0day.today [2024-12-24]  #