## https://sploitus.com/exploit?id=EDB-ID:49478
# Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
# Exploit Author: Chiragh Arora
# Hardware Model: Tenda AC5 AC1200
# Firmware version: V15.03.06.47_multi
# Tested on: Kali Linux
# CVE ID: CVE-2021-3186
# Date: 25.01.2021
##########################################################################
Steps to Reproduce -
- Navigate to the Tenda AC1200 gateway with 192.168.0.1
- Follow up to the WiFi Settings and click the âWiFi Name & Passwordâ option there.
- Manipulate the WiFi Name with "<script>alert(1)</script>"
- Click the âSaveâ button & as the page refresh, youâll got an alert stating â1â within it.
Note: It doesnât matter which Network Name parameter (2.4 GHz or 5 GHz) youâre manipulating, youâll encounter the popup over in both of them.