Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-2188. PoCs published by hacefresko.
AI-analyzed exploit summary: The repository contains a functional exploit for CVE-2024-2188, a Stored XSS vulnerability in TP-Link Archer AX50 routers. The PoC demonstrates how an attacker can inject malicious JavaScript via the UPnP service's `AddPortMapping` command, which executes when an authenticated user visits the UPnP tab in the admin interface.
Description
Stored Cross-Site Scripting (XSS) vulnerability in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in execution of the JavaScript payload when the rule is loaded.
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L