Advertisement






Tenda AC5 AC1200 Wireless Cross Site Scripting

CVE Category Price Severity
CVE-2021-3186 CWE-79 $5,000 High
Author Risk Exploitation Type Date
Mohammad Reza Espargham High Remote 2021-01-26
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021010174

Below is a copy:

Tenda AC5 AC1200 Wireless Cross Site Scripting
# Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
# Exploit Author: Chiragh Arora
# Hardware Model: Tenda AC5 AC1200
# Firmware version: V15.03.06.47_multi
# Tested on: Kali Linux
# CVE ID: CVE-2021-3186
# Date: 25.01.2021

##########################################################################

Steps to Reproduce -

   - Navigate to the Tenda AC1200 gateway with 192.168.0.1 
   - Follow up to the WiFi Settings and click the WiFi Name & Password option there.
   - Manipulate the WiFi Name with "<script>alert(1)</script>"
   - Click the Save button & as the page refresh, youll got an alert stating 1 within it.
   
Note: It doesnt matter which Network Name parameter (2.4 GHz or 5 GHz) youre manipulating, youll encounter the popup over in both of them.


Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum