Sign-up

ID

VAR-E-201812-0034


CVE

cve_id:CVE-2018-13134

Trust: 1.5

sources: PACKETSTORM: 150758 // EXPLOIT-DB: 45970

EDB ID

45970


TITLE

TP-Link wireless router Archer C1200 - Cross-Site Scripting - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 45970

DESCRIPTION

TP-Link wireless router Archer C1200 - Cross-Site Scripting. CVE-2018-13134 . webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 45970

AFFECTED PRODUCTS

vendor:tp linkmodel:wireless router archer c1200scope: - version: -

Trust: 1.6

vendor:tp linkmodel:archer c1200scope: - version: -

Trust: 0.5

sources: PACKETSTORM: 150758 // EXPLOIT-DB: 45970 // EDBNET: 100529

EXPLOIT

[+] Unauthenticated

[+] Author: Usman Saeed (usman [at] xc0re.net)

[+] Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU

[·] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.

[·] Reason: The remote webserver does not filter special characters or illegal input.

[+] Attack type: Remote

[+] Patch Status: Unpatched

[+] Exploitation:

[!] The Cross-site scripting vector can be executed, as illustrated below

http://hostname/webpages/data/_._.<img src=a onerror=alert(“Reflected-XSS”)>../..%2f

Trust: 1.0

sources: EXPLOIT-DB: 45970

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 45970

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 45970

TYPE

Cross-Site Scripting

Trust: 1.6

sources: EXPLOIT-DB: 45970 // EDBNET: 100529

TAGS

tag:Cross-Site Scripting (XSS)

Trust: 1.0

tag:exploit

Trust: 0.5

tag:xss

Trust: 0.5

sources: PACKETSTORM: 150758 // EXPLOIT-DB: 45970

CREDITS

Usman Saeed

Trust: 0.6

sources: EXPLOIT-DB: 45970

EXTERNAL IDS

db:EXPLOIT-DBid:45970

Trust: 1.6

db:NVDid:CVE-2018-13134

Trust: 1.5

db:EDBNETid:100529

Trust: 0.6

db:PACKETSTORMid:150758

Trust: 0.5

sources: PACKETSTORM: 150758 // EXPLOIT-DB: 45970 // EDBNET: 100529

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-13134

Trust: 1.5

url:https://www.exploit-db.com/exploits/45970/

Trust: 0.6

sources: PACKETSTORM: 150758 // EXPLOIT-DB: 45970 // EDBNET: 100529

SOURCES

db:PACKETSTORMid:150758
db:EXPLOIT-DBid:45970
db:EDBNETid:100529

LAST UPDATE DATE

2022-07-27T09:39:51.681000+00:00


SOURCES RELEASE DATE

db:PACKETSTORMid:150758date:2018-12-12T05:04:54
db:EXPLOIT-DBid:45970date:2018-12-11T00:00:00
db:EDBNETid:100529date:2018-12-16T00:00:00