Exploit for Tenda AC5 AC1200 Wireless Cross Site Scripting CVE-2021-3186

Name: Exploit for Tenda AC5 AC1200 Wireless Cross Site Scripting CVE-2021-3186
Rating: 5 (178 reviews)

2021-01-26 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:161119
# Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting  
# Exploit Author: Chiragh Arora  
# Hardware Model: Tenda AC5 AC1200  
# Firmware version: V15.03.06.47_multi  
# Tested on: Kali Linux  
# CVE ID: CVE-2021-3186  
# Date: 25.01.2021  
  
##########################################################################  
  
Steps to Reproduce -  
  
- Navigate to the Tenda AC1200 gateway with 192.168.0.1   
- Follow up to the WiFi Settings and click the “WiFi Name & Password” option there.  
- Manipulate the WiFi Name with "<script>alert(1)</script>"  
- Click the “Save” button & as the page refresh, you’ll got an alert stating “1” within it.  
  
Note: It doesn’t matter which Network Name parameter (2.4 GHz or 5 GHz) you’re manipulating, you’ll encounter the popup over in both of them.