I. VULNERABILITY
-------------------------
Stored XSS Vulnerability on TP-Link Archer VR300 v1 - firmware
version: 1.3.0 0.8.0 v007b.1 build 180905 Rel.55344n
II. CVE REFERENCE
-------------------------
-
III. VENDOR
-------------------------
https://www.tp-link.com/
IV. TIMELINE
-------------------------
04/10/2018 Vulnerability discovered
05/10/2018 Vendor contacted
no Response
V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S.
Halil Arı From Biznet Bilisim A.S
VI. DESCRIPTION
-------------------------
Tp-Link Router interface is affected by stored XSS vulnerability. A
remote attacker could steal victims cookie or redirect victim to
malicious site.
VII. PROOF OF CONCEPT
-------------------------
Affected Component: VPN Name
Path(inurl): /cgi?3
Affected parameter: connName
On TP-Link Router Interface adding VPN configurations with malicious
VPN Name could execute arbitrary javascript.