Exploit for stored XSS vulnerability found in the TP-Link Archer AX50 router.

hacefresko/CVE-2024-2188

CVE-2024-2188

CVE-2024-2188 is a stored XSS vulnerability in the TP-Link Archer AX50 router, affecting firmware version 1.0.11 build 2022052. It occurs in the UPnP service, where the AddPortMapping command allows attackers to create a new PortMapping entry without sanitizing user input for the description field. This allows the attacker to inject HTML entities with malicious JavaScript that will be executed when visiting the UPnP tab in the NAT Forwarding admin page (Advanced > NAT Forwarding > UPnP). If an authenticated user triggers the XSS, it allows an unauthenticated attacker to perform actions as that authenticated user, potentially allowing further compromise of the device.
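
The two places where this class of bug is closed, shown as an added example that is not code from this repository or from TP-Link firmware: validating the description when an AddPortMapping request is accepted, and encoding it when the UPnP table is rendered. The entry field names, the allowlist and the 64-character limit are assumptions chosen for illustration, and the sample entries are constructed.

```javascript
// Added example: illustrative only, not TP-Link firmware code.
// The description arrives as the NewPortMappingDescription argument of the
// UPnP IGD AddPortMapping action; the object shape below is an assumption.

// Assumed policy: letters, digits, space and a few separators, max 64 chars.
const DESCRIPTION_ALLOWED = /^[A-Za-z0-9 ._:()\/-]{0,64}$/;

// Defence 1: validate at ingest, when the AddPortMapping request is handled.
function isValidDescription(desc) {
  return typeof desc === "string" && DESCRIPTION_ALLOWED.test(desc);
}

// Defence 2: encode on output, so a stored value stays inert even if an
// older or unvalidated entry is already in the mapping table.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one row of the UPnP table with every field encoded, not only the
// description, since all of them originate from the LAN client.
function renderMappingRow(entry) {
  const cells = [entry.description, entry.protocol, entry.externalPort,
                 entry.internalClient, entry.internalPort];
  return "<tr>" + cells.map((c) => "<td>" + escapeHtml(c) + "</td>").join("") + "</tr>";
}

// Audit helper: return stored entries whose description fails the allowlist.
function auditMappings(entries) {
  return entries.filter((e) => !isValidDescription(e.description));
}

// Constructed sample table; the second entry carries a harmless markup marker.
const SAMPLE_MAPPINGS = [
  { description: "Game console (UDP)", protocol: "UDP", externalPort: 3074,
    internalClient: "192.168.0.50", internalPort: 3074 },
  { description: "<i>marker</i>", protocol: "TCP", externalPort: 8080,
    internalClient: "192.168.0.51", internalPort: 80 },
];
```

Output encoding is the control that matters if only one can be deployed, because it also neutralizes entries stored before validation was introduced.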
