ID

VAR-E-201710-0022


CVE

cve_id:CVE-2017-15291

Trust: 1.0

sources: EXPLOIT-DB: 43023

EDB ID

43023


TITLE

TP-Link TL-MR3220 - Cross-Site Scripting - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 43023

DESCRIPTION

TP-Link TL-MR3220 - Cross-Site Scripting. CVE-2017-15291. webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 43023

AFFECTED PRODUCTS

vendor: tp link, model: tl-mr3220, scope: -, version: -

Trust: 1.6

sources: EXPLOIT-DB: 43023 // EDBNET: 94772

EXPLOIT

# Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220
# Date: 12/10/2017
# Exploit Author: Thiago "THX" Sena
# Vendor Homepage: http://www.tp-link.com.br
# Version: TL-MR3220
# Tested on: Windows 10
# CVE : CVE-2017-15291

Vulnerability: Cross-site scripting (XSS) in TP-LINK TL-MR3220
cve: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15291
---------------------------------------------------------------

PoC:

0x01 - First you go to ( http://IP:PORT/ )

0x02 - In the 'Wireless MAC Filtering' tab.

0x03 - Will add a new MAC Address.

0x04 - In 'Description' it will put the script ( <script>alert('XSS')</script> ) and complete the registration.

0x05 - Xss Vulnerability

--------------------------------------------------------------

Trust: 1.0

sources: EXPLOIT-DB: 43023

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 43023

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 43023

TYPE

Cross-Site Scripting

Trust: 1.6

sources: EXPLOIT-DB: 43023 // EDBNET: 94772

CREDITS

Thiago Sena

Trust: 0.6

sources: EXPLOIT-DB: 43023

EXTERNAL IDS

db: NVD, id: CVE-2017-15291

Trust: 2.2

db: EXPLOIT-DB, id: 43023

Trust: 1.6

db: EDBNET, id: 94772

Trust: 0.6

db: 0DAYTODAY, id: 28836

Trust: 0.6

db: EDBNET, id: 94885

Trust: 0.6

sources: EXPLOIT-DB: 43023 // EDBNET: 94772 // EDBNET: 94885

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-15291

Trust: 1.0

url:https://www.exploit-db.com/exploits/43023/

Trust: 0.6

url:https://0day.today/exploits/28836

Trust: 0.6

sources: EXPLOIT-DB: 43023 // EDBNET: 94772 // EDBNET: 94885

SOURCES

db: EXPLOIT-DB, id: 43023
db: EDBNET, id: 94772
db: EDBNET, id: 94885

LAST UPDATE DATE

2022-07-27T09:21:25.367000+00:00


SOURCES RELEASE DATE

db: EXPLOIT-DB, id: 43023, date: 2017-10-12T00:00:00
db: EDBNET, id: 94772, date: 2017-10-23T00:00:00
db: EDBNET, id: 94885, date: 2017-10-31T00:00:00