[+] Exploit Title : Tenda Router W300D Multiple Vulnerabilities
[+] Date : 2018-09-21
[+] Author : Work LearninG
[+] Vendor Homepage : http://www.tendacn.com/us/default.html
[+] Version : 1.0.1.16_en
[+] Dork : N/A
[+] My Site : https://worklearning.ir
[+] Tested On : Windows 10 - Kali Linux 2.0
[+] Contact : support@worklearning.ir
[+] Description :
[!] Tenda technology is the recognized leading supplier of networking devices and equipment. Tenda has committed to delivering easy-to-install and affordable networking solutions, offering innovative, cutting-edge products to realize people's intelligent life. Innovation is the soul of Tenda technology.
[+] PoC :
[!] Go to the admin panel of your Tenda modem and find the SSID setting.
[!] Change the SSID name and input your XSS payload.
[!] Now, if you go to the Security submenu, you can see the /0P3N3R/ alert.
[!] But it's not over. You can see any codes on the panel of your Tenda router, and you can't change the SSID or any settings. You must reset the router.
[!] Payload :
[*] <script>alert(/0P3N3R/)</script>
[+] Security Level :
[!] Medium
[+] Exploitation Technique:
[!] LOCAL
[+] Request Method :
[!] POST
[+] Vulnerability Link :
[*] http://192.168.1.1/main.asp
[+] Vulnerable File (s) :
[!] main.asp
[+] Fix :
[!] Restrict user input or replace bad characters
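[!] Added example (not part of the original advisory and not Tenda's firmware code): a sketch of the fix in C, assuming the panel is rendered by C code in the router's web server. The function names html_escape() and ssid_is_acceptable() are hypothetical. The payload above is exactly 32 printable bytes, so an input check alone accepts it as a legal SSID; the value must also be encoded wherever it is written into a page.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: the admin pages are produced by C code in the firmware.
 * Both helpers below are hypothetical names, not Tenda functions. */

/* HTML-encode src into dst (capacity dstlen, including the NUL).
 * Returns 0 on success, -1 if the encoded value does not fit; on
 * failure dst is set to "" so a cut-off entity is never emitted. */
int html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t used = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > dstlen) { dst[0] = '\0'; return -1; }
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* Input-side check for the POST handler: 1..32 bytes, no control bytes.
 * Markup characters are legal in an SSID, so they are not rejected here;
 * html_escape() neutralises them when the value is written to a page. */
int ssid_is_acceptable(const char *ssid)
{
    size_t len = strlen(ssid);
    if (len < 1 || len > 32) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)ssid[i];
        if (c < 0x20 || c == 0x7f) return 0;
    }
    return 1;
}
```

[!] This encoder covers values written into HTML text or quoted attributes. If a page places the SSID inside a script block instead, it needs a JavaScript-string encoder for that context.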
[+] We Are : [+] 0P3N3R