Cyber Security News

TP-Link Router Web Interface XSS Vulnerability – PoC Exploit Released

A recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users.

The flaw, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the router’s web interface, potentially leading to malicious exploitation.

Discovery of the Vulnerability

The vulnerability stems from improper input validation of directory listing paths in the router’s web interface.

By crafting a malicious URL, an attacker can trigger the execution of embedded JavaScript code in the browser of any user who visits the page.

This script injection could be leveraged for phishing attacks, session hijacking, or other malicious activities.

The issue lies in the router’s handling of directory listings, which fails to sanitize user-supplied input in the requested path. For example, a payload like the one below demonstrates how JavaScript can be executed:

http://192.168.0.1/<style onload=alert`rvz`;>../..%2f

When this URL is accessed, it triggers an alert box as a demonstration but could be extended to execute more harmful scripts depending on the attacker’s intentions.
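The unsanitized-path pattern described above, next to an escaped version, is shown below as an added example. It is not TP-Link firmware code: the renderer, its function names and the file name backup.cfg are hypothetical, and only the sample path comes from the article.

```javascript
// Added illustration: a hypothetical directory-listing renderer, not TP-Link firmware code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// The path from the article's PoC URL, used here as sample input.
const SAMPLE_PATH = '/<style onload=alert`rvz`;>../..%2f';

// Escape characters that can open tags, close attributes or start entities.
function escapeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Percent-decode the request path as a web server does before using it.
function decodeRequestPath(rawPath) {
  try {
    return decodeURIComponent(rawPath);
  } catch {
    return rawPath; // malformed escape sequence: keep the raw form
  }
}

function page(heading, items) {
  return `<html><body><h1>Index of ${heading}</h1><ul>${items.join('')}</ul></body></html>`;
}

// Vulnerable pattern: decoded path and file names are concatenated into markup as-is.
function renderListingVulnerable(rawPath, entries) {
  const dir = decodeRequestPath(rawPath);
  return page(dir, entries.map((e) => `<li><a href="${e}">${e}</a></li>`));
}

// Hardened pattern: HTML-escape text nodes, percent-encode the href value.
function renderListingHardened(rawPath, entries) {
  const dir = escapeHtml(decodeRequestPath(rawPath));
  return page(dir, entries.map(
    (e) => `<li><a href="${encodeURIComponent(e)}">${escapeHtml(e)}</a></li>`));
}

// Regression check: does the output contain a tag with an on* event-handler attribute?
function hasEventHandlerTag(html) {
  return /<[a-z][^>]*\son\w+\s*=/i.test(html);
}

console.log(hasEventHandlerTag(renderListingVulnerable(SAMPLE_PATH, ['backup.cfg'])));
console.log(renderListingHardened(SAMPLE_PATH, ['backup.cfg']));
```

In the hardened output the path appears only as inert text in the heading, so the browser displays it instead of parsing it as a tag.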

Analysis and Proof of Concept (PoC)

The vulnerability allows JavaScript execution on the / path and in sub-directories. However, it does not expose cookies scoped to the /cgi-bin/luci path due to the cookie’s path attribute, which restricts access to that specific directory.

While this limitation prevents direct cookie theft, attackers could still exploit the XSS vulnerability to perform other malicious actions, including phishing or browser-based exploitation.

A video proof-of-concept (PoC) showcasing this vulnerability has been shared by security researchers, highlighting its potential impact on unprotected users.

According to the Zyenra report, TP-Link has confirmed the vulnerability but stated that the Archer A20 v3 router has reached its End of Life (EOL) and will not receive any further updates or patches.

Citing the limited scope and severity as evaluated by their security teams, TP-Link has decided against addressing the issue in this model.

The company reassured users that they are actively reviewing other models to ensure their security, advising customers to update to newer, supported devices for continued protection.

While the vulnerability’s direct impact is mitigated by certain restrictions, users of the TP-Link Archer A20 v3 router are advised to exercise caution.

Upgrading to a supported router model is highly recommended, as discontinued devices no longer receive critical security updates, leaving them exposed to potential threats.

Cybersecurity professionals also caution users to avoid visiting untrusted links or URLs to minimize exposure to such vulnerabilities.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
