Thursday, May 8, 2025
HomeCVE/vulnerabilityTP-Link Router Web Interface XSS Vulnerability - PoC Exploit Released

TP-Link Router Web Interface XSS Vulnerability – PoC Exploit Released

Published on

SIEM as a Service

Follow Us on Google News

A recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users.

The flaw CVE-2024-57514, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the router’s web interface, potentially leading to malicious exploitation.

Discovery of the Vulnerability

The vulnerability stems from improper input validation of directory listing paths in the router’s web interface.

- Advertisement - Google News

By crafting a maliciously designed URL, an attacker can trigger the execution of embedded JavaScript code in the browser of any user who visits the page.

This enables the injection of malicious scripts, which could be leveraged for phishing attacks, session hijacking, or other malicious activities.

The issue lies in the router’s handling of directory listings, which fails to sanitize user input. For example, a payload like the one below demonstrates how JavaScript can be executed:

http://192.168.0.1/<style onload=alert`rvz`;>../..%2f

When this URL is accessed, it triggers an alert box as a demonstration but could be extended to execute more harmful scripts depending on the attacker’s intentions.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Analysis and Proof of Concept (PoC)

The vulnerability allows JavaScript execution on the / path and in sub-directories. However, it does not expose cookies scoped to the /cgi-bin/luci path due to the cookie’s path attribute, which restricts access to that specific directory.

While this limitation prevents direct cookie theft, attackers could still exploit the XSS vulnerability to perform other malicious actions, including phishing or browser-based exploitation.

A video proof-of-concept (PoC) showcasing this vulnerability has been shared by security researchers, highlighting its potential impact on unprotected users.

According to the Zyenra report, TP-Link has confirmed the vulnerability but stated that the Archer A20 v3 router has reached its End of Life (EOL) and will not receive any further updates or patches.

Citing the limited scope and severity as evaluated by their security teams, TP-Link has decided against addressing the issue in this model.

The company reassured users that they are actively reviewing other models to ensure their security, advising customers to update to newer, supported devices for continued protection.

While the vulnerability’s direct impact is mitigated by certain restrictions, users of the TP-Link Archer A20 v3 router are advised to take caution.

Upgrading to a supported router model is highly recommended, as discontinued devices no longer receive critical security updates, leaving them exposed to potential threats.

Cybersecurity professionals also caution users to avoid visiting untrusted links or URLs to minimize exposure to such vulnerabilities.

Collect Threat Intelligence with TI Lookup to improve your company’s security - Get 50 Free Request

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Researchers Turn the Tables: Scamming the Scammers in Telegram’s PigButchering Scheme

Cybersecurity specialists have devised an innovative approach to combat an emerging cybercrime called "PigButchering"...

New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations

A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco...

New Attack Exploits X/Twitter Ad URL Feature to Deceive Users

Silent Push Threat Analysts have recently exposed a sophisticated financial scam leveraging a vulnerability...

Guess Which Browser Tops the List for Data Collection!

Google Chrome has emerged as the undisputed champion of data collection among 10 popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Researchers Turn the Tables: Scamming the Scammers in Telegram’s PigButchering Scheme

Cybersecurity specialists have devised an innovative approach to combat an emerging cybercrime called "PigButchering"...

New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations

A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco...

New Attack Exploits X/Twitter Ad URL Feature to Deceive Users

Silent Push Threat Analysts have recently exposed a sophisticated financial scam leveraging a vulnerability...