CVE-2024-57514
MEDIUM NUCLEITP-Link Archer A20 v3 1.0.6 Build 20231011 rel.85717(5553) - Cross-Site Scripting via Directory Listing Path
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2024-57514. PoCs published by rvzsec, rvizx. A Nuclei detection template is also available.
AI-analyzed exploit summary The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code, technical details, or additional context. It appears to be a placeholder or incomplete submission.
Description
The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL. This allows the attacker to inject malicious code into the page, executing JavaScript on the victim's browser, which could then be used for further malicious actions. The vulnerability was identified in the 1.0.6 Build 20231011 rel.85717(5553) version.
Exploits (2)
The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code, technical details, or additional context. It appears to be a placeholder or incomplete submission.
The repository contains only a README.md file with the CVE identifier and no exploit code or technical details. It appears to be a placeholder or stub for future content.
Nuclei Templates (1)
References (1)
Scores
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N