Tenda ADSL Router D152 - Cross-Site Scripting

EDB-ID:

45336

CVE:

2018-14497

EDB Verified:

Author:

Sandip Dey

Type:

webapps

Exploit: /

Platform:

Hardware

Date:

2018-09-05

Vulnerable App:

# Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting
# Exploit Author: Sandip Dey
# Date: 2018-07-21
# Vendor Homepage:  http://www.tendacn.com
# Hardware Link: https://www.amazon.in/Tenda-D152-ADSL2-Modem-Router/dp/B00IM8CWTE/ref=sr_1_fkmr0_1?ie=UTF8&qid=1536170904&sr=8-1-fkmr0&keywords=Tenda+D152+ADSL+router
# Category: Hardware
# Tested on: Windows 8.1
# CVE: CVE-2018-14497
  
# Reproduction Steps:
  
Goto your Wifi Router Gateway [i.e: http://Target]
Go to --> "General Setup" --> "Wireless" --> "Basic Settings
Now change the SSID to <script>alert("Sandip")</script> and hit apply
Refresh the page, and you will get the "Sandip" pop-up

Tags: Cross-Site Scripting (XSS)

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services