Share
I. VULNERABILITY  
-------------------------  
Stored XSS Vulnerability on TP-Link Archer VR300 v1 - firmware  
version: 1.3.0 0.8.0 v007b.1 build 180905 Rel.55344n  
  
II. CVE REFERENCE  
-------------------------  
-  
  
III. VENDOR  
-------------------------  
https://www.tp-link.com/  
  
IV. TIMELINE  
-------------------------  
04/10/2018 Vulnerability discovered  
05/10/2018 Vendor contacted  
no Response  
  
V. CREDIT  
-------------------------  
Okan Coşkun from Biznet Bilisim A.S.  
Halil Arı From Biznet Bilisim A.S  
  
VI. DESCRIPTION  
-------------------------  
Tp-Link Router interface is affected by stored XSS vulnerability. A  
remote attacker could steal victims cookie or redirect victim to  
malicious site.  
  
VII. PROOF OF CONCEPT  
-------------------------  
Affected Component: VPN Name  
Path(inurl): /cgi?3  
Affected parameter: connName  
  
On TP-Link Router Interface adding VPN configurations with malicious  
VPN Name could execute arbitrary javascript.