| 제목 | Cudy TR1200 1.0 Cross Site Scripting |
|---|
| 설명 | Cudy AC1200 1.0 Cross Site Scripting
Device Information
Device: Cudy TR1200 (HW Ver 1.0)
Firmware Version: 1.16.3-20230804-164635
Product Page: https://www.cudy.com/en-us/products/tr1200-1-0
Vendor Contact: [email protected]
Vulnerability Summary
A stored Cross-Site Scripting (XSS) vulnerability was identified in the administration web interface of the Cudy TR1200 router. The issue affects the SSID fields of both 2.4 GHz and 5 GHz wireless settings. Malicious JavaScript can be injected and executed in the context of the authenticated administrator.
Affected Endpoints
Endpoint: /cgi-bin/luci/admin/network/wireless/config/
Parameters:
- cbi.dce.wireless.vlan10.ssid (2.4 GHz SSID)
- cbi.dce.wireless.vlan1.ssid (5 GHz SSID)
Proof of Concept
1. Log into the router's web administration panel.
2. Navigate to General Settings → Wireless.
3. Set SSID field to the following payload:
"><script>alert(5)</script>
4. Click Save & Apply.
5. The injected JavaScript executes whenever the administrator revisits or updates these or any other settings.
Impact
This vulnerability enables arbitrary JavaScript execution in the context of an authenticated admin. Potential impacts include session hijacking, CSRF bypass, and execution of administrative actions under the victim's privileges. Since the payload is stored, it can persist across sessions and affect other administrators. |
|---|
| 원천 | ⚠️ https://github.com/blackcloud411/Cudy_vuln/blob/main/CUDY_TR1200_XSS_Report.docx |
|---|
| 사용자 | 80_ate (UID 89778) |
|---|
| 제출 | 2025. 09. 17. AM 05:37 (7 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 28. AM 11:42 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 326211 [Cudy TR1200 1.16.3-20230804-164635 Wireless Settings Page config SSID 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|