CVE-2018-14497
MEDIUMTenda D152 ADSL Router - Stored Cross-Site Scripting via SSID
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-14497. PoCs published by Sandip Dey.
AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the Tenda D152 ADSL Router. By injecting a malicious script into the SSID field under 'Basic Settings', an attacker can execute arbitrary JavaScript in the context of the router's web interface.
Description
Tenda D152 ADSL routers allow XSS via a crafted SSID.
Exploits (1)
exploitdb
WORKING POC
by Sandip Dey · textwebappshardware
https://www.exploit-db.com/exploits/45336
This exploit demonstrates a stored XSS vulnerability in the Tenda D152 ADSL Router. By injecting a malicious script into the SSID field under 'Basic Settings', an attacker can execute arbitrary JavaScript in the context of the router's web interface.
Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Tenda D152 ADSL Router
Auth required
Prerequisites:
Access to the router's admin interface · Valid credentials to modify wireless settings
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/45336/
Exploit, Third Party Advisory x_refsource_misc
https://sandipdeyhack7.blogspot.com/2018/07/cve-2018-14497-tenda-d152-adsl-routers_24.html
Scores
CVSS v3
5.4
EPSS
0.0164
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
tendacn/d152_firmware
Published
Aug 04, 2018
Tracked Since
Feb 18, 2026