{"id":1612,"date":"2025-01-29T10:10:02","date_gmt":"2025-01-29T10:10:02","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/01\/29\/poc-exploit-released-for-tp-link-router-web-interface-xss-vulnerability\/"},"modified":"2025-01-29T10:10:02","modified_gmt":"2025-01-29T10:10:02","slug":"poc-exploit-released-for-tp-link-router-web-interface-xss-vulnerability","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/01\/29\/poc-exploit-released-for-tp-link-router-web-interface-xss-vulnerability\/","title":{"rendered":"PoC Exploit Released for TP-Link Router Web Interface XSS Vulnerability"},"content":{"rendered":"

PoC Exploit Released for TP-Link Router Web Interface XSS Vulnerability
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A Cross-Site Scripting (XSS) vulnerability has been identified in the TP-Link Archer A20 v3 router, specifically in firmware version 1.0.6 Build 20231011 rel.85717(5553).\u00a0<\/p>\n

The issue stems from improper handling of directory listing paths on the router\u2019s web interface. When a specially crafted URL is accessed, the router renders the directory listing and executes arbitrary JavaScript embedded in the URL.\u00a0<\/p>\n

This flaw allows attackers to inject malicious scripts into the page, potentially enabling further exploitation on a victim\u2019s browser. The vulnerability has been classified as CVE-2024-57514 and has a Medium severity CVSS of 4.0.\u00a0\u00a0<\/p>\n

Researcher Ravindu Wickramasinghe (@rvizx9) disclosed this issue, emphasizing its potential for misuse in targeted attacks.<\/p>\n

\nPoC Exploit Released <\/strong>\u2013 CVE-2024-57514<\/strong>
\n<\/h2>\n

The vulnerability resides in the web interface\u2019s \/ path and its subdirectories, where improperly sanitizing directory listing paths allows JavaScript injection.<\/p>\n

Are you from SOC\/DFIR Teams? \u2013\u00a0Analyse Malware Files & Links with ANY.RUN Sandox ->\u00a0Try for Free<\/a><\/strong><\/p>\n

However, due to the cookie path attribute scoped to \/cgi-bin\/luci, cookies related to this path remain inaccessible to attackers leveraging this XSS vulnerability<\/a>.\u00a0<\/p>\n

While direct cookie theft is mitigated, other attack vectors, such as session hijacking or phishing, remain plausible depending on the broader system context.<\/p>\n

By embedding such a script into a specially crafted URL, an attacker can force the router\u2019s web interface to execute arbitrary code<\/a> within a victim\u2019s browser.<\/p>\n

TP-Link has acknowledged the existence of this vulnerability but has stated that the Archer A20 v3 router has reached its End-of-Life (EOL) status under their End-of-Life Policy. Consequently, no patches or corrective actions will be issued for this model.\u00a0<\/p>\n

The company assured users that they are actively reviewing other models for potential vulnerabilities and implementing necessary security measures.<\/p>\n

Security Implications<\/strong><\/h2>\n

While the XSS vulnerability is rated as medium severity, it underscores risks associated with unpatched legacy devices. Attackers could exploit this flaw to:<\/p>\n