Exploits / Vulnerability Discovered : 2019-05-21 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Tplink tlwr840n v5 00000005 crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must
log into the router by breaking the password and going to the admin
login page by THC-HYDRA to get the network name. With an XSS payload,
the network name changed automatically and the internet connection was
disconnected. All the users become disconnected from
the internet.
------------------------------------------
[Additional Information]
To ensure your network to be safe from Renaming and internet disconnection.
[Affected Component]
Wi-Fi network configured through the router
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Logged in to the router by breaking the password and goes to the admin
login page by THC-HYDRA and got the network name. Using Burp Suite
professional version 1.7.32 captured the network name and selected XSS
payload against the name and started attacking .as a result the
network name changed automatically and internet connection was
disconnected in the network. All the users become disconnected from
internet.