Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-14965 PoC — TP-Link TL-WR740N和TL-WR740ND 注入漏洞

Source
https://github.com/g-rubert/CVE-2020-14965
Associated Vulnerability
Title:TP-Link TL-WR740N和TL-WR740ND 注入漏洞 (CVE-2020-14965)
Description:TP-Link TL-WR740N和TP-Link TL-WR740ND都是中国普联(TP-Link)公司的一款无线路由器。 TP-Link TL-WR740N v4版本和TL-WR740ND v4版本中存在安全漏洞。攻击者可借助targets_lists_name或hosts_lists_name利用该漏洞注入HTML代码并更改目标页面和站点的HTML上下文。
Description
TP-LINK Multiple HTML Injection Vulnerabilities
Readme
# CVE-2020-14965

```

██╗  ██╗████████╗███╗   ███╗██╗         ██╗███╗   ██╗     ██╗███████╗ ██████╗████████╗██╗ ██████╗ ███╗   ██╗
██║  ██║╚══██╔══╝████╗ ████║██║         ██║████╗  ██║     ██║██╔════╝██╔════╝╚══██╔══╝██║██╔═══██╗████╗  ██║
███████║   ██║   ██╔████╔██║██║         ██║██╔██╗ ██║     ██║█████╗  ██║        ██║   ██║██║   ██║██╔██╗ ██║
██╔══██║   ██║   ██║╚██╔╝██║██║         ██║██║╚██╗██║██   ██║██╔══╝  ██║        ██║   ██║██║   ██║██║╚██╗██║
██║  ██║   ██║   ██║ ╚═╝ ██║███████╗    ██║██║ ╚████║╚█████╔╝███████╗╚██████╗   ██║   ██║╚██████╔╝██║ ╚████║
╚═╝  ╚═╝   ╚═╝   ╚═╝     ╚═╝╚══════╝    ╚═╝╚═╝  ╚═══╝ ╚════╝ ╚══════╝ ╚═════╝   ╚═╝   ╚═╝ ╚═════╝ ╚═╝  ╚═══╝
                                                                                                            
```


**TP-LINK - Multiple HTML Injection Vulnerabilities**

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name.

<br>**Researcher:** Guilherme Rubert
<br>**References:**

<p>https://www.tp-link.com/br/
<p>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14965
<p>https://nvd.nist.gov/vuln/detail/CVE-2020-14965
File Snapshot

 [4.0K]  /data/pocs/36790df77e1a4b94d2d45dfd68b332575871e5da
└── [2.2K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.