CVE-2024-57514 PoC: TP-LINK Archer A20 Security Vulnerability

Associated Vulnerability
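Title: TP-LINK Archer A20 Security Vulnerability (CVE-2024-57514)
Description: The TP-LINK Archer A20 is a router made by the Chinese company TP-LINK. The TP-LINK Archer A20 v3 has a security vulnerability that stems from improper handling of directory listing paths in the web interface. An attacker can exploit this vulnerability to inject malicious code into the page and execute JavaScript in the victim's browser.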
Description
The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL. This allows the attacker to inject malicious code into the page, executing JavaScript on the victim's browser, which could then be used for further malicious actions. The vulnerability was identified in the 1.0.6 Build 20231011 rel.85717(5553) version.
File Snapshot

id: CVE-2024-57514 info: name: TP-Link Archer A20 v3 Router - Cross-site Scripting author: s4e- ...