Disclaimer: [This POC is for Educational Purposes , I would Not be
responsible for any misuse of the information mentioned in this blog post]
Hello folks. An Input validation vulnerability was found in TP-Link Archer c1200 v1.0, which results in client side code execution.
[CVE-2018-13134]
[+] Unauthenticated
[+] Author: Usman Saeed (usman [at] xc0re.net)
[+] Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU
[·] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.
[·] Reason: The remote webserver does not filter special characters or illegal input.
[+] Attack type: Remote
[+] Patch Status: Unpatched
[+] Exploitation:
[!] The Cross-site scripting vector can be executed, as illustrated below
http://hostname/webpages/data/_._.<img src=a onerror=alert(“Reflected-XSS”)>../..%2f
[-] Responsible Disclosure:
- April, 2018 – Contacted TP-Link via their web based form
- May, 2018 – No Reply yet
- May 26, 2018 – Public Disclosure