Submission #656886: Cudy TR1200 1.0 Cross Site Scripting Information

Title: Cudy TR1200 1.0 Cross Site Scripting
Description:

Cudy AC1200 1.0 Cross Site Scripting

Device Information
Device: Cudy TR1200 (HW Ver 1.0)
Firmware Version: 1.16.3-20230804-164635
Product Page: https://www.cudy.com/en-us/products/tr1200-1-0
Vendor Contact: [email protected]

Vulnerability Summary
A stored Cross-Site Scripting (XSS) vulnerability was identified in the administration web interface of the Cudy TR1200 router. The issue affects the SSID fields of both 2.4 GHz and 5 GHz wireless settings. Malicious JavaScript can be injected and executed in the context of the authenticated administrator.

Affected Endpoints
Endpoint: /cgi-bin/luci/admin/network/wireless/config/
Parameters:
- cbi.dce.wireless.vlan10.ssid (2.4 GHz SSID)
- cbi.dce.wireless.vlan1.ssid (5 GHz SSID)

Proof of Concept
1. Log into the router's web administration panel.
2. Navigate to General Settings → Wireless.
3. Set the SSID field to the following payload: "><script>alert(5)</script>
4. Click Save & Apply.
5. The injected JavaScript executes whenever the administrator revisits or updates these or any other settings.

Impact
This vulnerability enables arbitrary JavaScript execution in the context of an authenticated admin. Potential impacts include session hijacking, CSRF bypass, and execution of administrative actions under the victim's privileges. Since the payload is stored, it can persist across sessions and affect other administrators.
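The following is an added illustration, not code from the report or from Cudy's firmware: it shows why the SSID value quoted above breaks out of an HTML attribute when a settings page interpolates it raw, and how attribute-encoding on output (plus an input-side length and character check, an assumed policy rather than the vendor's) prevents it. The input template and parameter name are simplified stand-ins for the router's settings page.

```javascript
// Added example (not from the report or the vendor): raw interpolation of an SSID
// into an HTML attribute versus attribute-encoded output.
// The <input> template below is an assumed stand-in for the router's settings page.

// Constructed sample: the payload quoted in the report.
const REPORTED_PAYLOAD = '"><script>alert(5)</script>';

// Vulnerable rendering: SSID inserted into the value attribute without encoding,
// so the leading '">' closes the attribute and the tag, and the rest becomes markup.
function renderSsidUnsafe(ssid) {
  return `<input name="cbi.dce.wireless.vlan10.ssid" value="${ssid}">`;
}

// Encode the five characters that can change HTML structure.
function encodeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Hardened rendering: same template, value attribute-encoded on output.
function renderSsidSafe(ssid) {
  return `<input name="cbi.dce.wireless.vlan10.ssid" value="${encodeHtml(ssid)}">`;
}

// Review check: the template emits exactly one tag, so more than one '<' in the
// rendered markup means the stored value introduced markup of its own.
function leaksMarkup(html) {
  return (html.match(/</g) || []).length > 1;
}

// Input-side check a firmware could apply in addition to output encoding:
// 802.11 SSIDs are at most 32 bytes, and rejecting HTML metacharacters limits the
// blast radius if some other page forgets to encode. (Assumed policy, not Cudy's.)
function validateSsid(ssid) {
  const bytes = new TextEncoder().encode(ssid);
  if (bytes.length < 1 || bytes.length > 32) return false;
  return !/[<>"'&]/.test(ssid);
}

console.log(renderSsidUnsafe(REPORTED_PAYLOAD)); // attribute broken out of, script tag emitted
console.log(renderSsidSafe(REPORTED_PAYLOAD));   // single <input>, payload inert in the attribute
```

Output encoding is the fix that actually closes the bug; the SSID validator is defence in depth and deliberately narrower than what the 802.11 standard allows, which a product team would have to weigh against legitimate SSIDs containing quotes or ampersands.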
Source: https://github.com/blackcloud411/Cudy_vuln/blob/main/CUDY_TR1200_XSS_Report.docx
User: 80_ate (UID 89778)
Submitted: 2025-09-17 05:37 (7 months ago)
Moderation: 2025-09-28 11:42 (11 days later)
Status: Accepted
VulDB entry: 326211 [Cudy TR1200 1.16.3-20230804-164635 Wireless Settings Page config SSID Cross Site Scripting]
Points: 20
