6d57564d7c
12 changes to exploits/shellcodes Deluge 1.3.15 - 'URL' Denial of Service (PoC) Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC) macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
88 lines
No EOL
2.2 KiB
Text
88 lines
No EOL
2.2 KiB
Text
# Exploit Title: TL-WR840N v5 00000005
|
|
|
|
# Date: 5/10/2019
|
|
|
|
# Exploit Author: purnendu ghosh
|
|
|
|
# Vendor Homepage: https://www.tp-link.com/
|
|
|
|
# Software Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q
|
|
|
|
# Category: Hardware
|
|
|
|
# Firmware Version:0.9.1 3.16 v0001.0 Build 171211 Rel.58800n
|
|
|
|
# Hardware Version:TL-WR840N v5 00000005
|
|
|
|
# Tested on: Windows 10
|
|
|
|
# CVE :CVE-2019-12195.
|
|
|
|
|
|
# Proof Of Concept:
|
|
|
|
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must
|
|
log into the router by breaking the password and going to the admin
|
|
login page by THC-HYDRA to get the network name. With an XSS payload,
|
|
the network name changed automatically and the internet connection was
|
|
disconnected. All the users become disconnected from
|
|
the internet.
|
|
|
|
------------------------------------------
|
|
|
|
[Additional Information]
|
|
To ensure your network to be safe from Renaming and internet disconnection.
|
|
|
|
------------------------------------------
|
|
|
|
[Vulnerability Type]
|
|
Cross Site Scripting (XSS)
|
|
|
|
------------------------------------------
|
|
|
|
[Vendor of Product]
|
|
tp-link
|
|
|
|
------------------------------------------
|
|
|
|
[Affected Product Code Base]
|
|
router - TL-WR840N v5 00000005
|
|
|
|
------------------------------------------
|
|
|
|
[Affected Component]
|
|
Wi-Fi network configured through the router
|
|
|
|
------------------------------------------
|
|
|
|
[Attack Type]
|
|
Remote
|
|
|
|
------------------------------------------
|
|
|
|
[Impact Denial of Service]
|
|
true
|
|
|
|
------------------------------------------
|
|
|
|
[Impact Information Disclosure]
|
|
true
|
|
|
|
------------------------------------------
|
|
|
|
[Attack Vectors]
|
|
Logged in to the router by breaking the password and goes to the admin
|
|
login page by THC-HYDRA and got the network name. Using Burp Suite
|
|
professional version 1.7.32 captured the network name and selected XSS
|
|
payload against the name and started attacking .as a result the
|
|
network name changed automatically and internet connection was
|
|
disconnected in the network. All the users become disconnected from
|
|
internet.
|
|
|
|
------------------------------------------
|
|
|
|
[Discoverer]
|
|
purnendu ghosh
|
|
|
|
[Reference]
|
|
https://www.tp-link.com/us/security |