CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-3275.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

20 lines
1.1 KiB
Markdown
Raw Permalink Blame History

### [CVE-2021-3275](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3275)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)
### Description
Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization.
### POC
#### Reference
- http://packetstormsecurity.com/files/161989/TP-Link-Cross-Site-Scripting.html
- https://github.com/smriti548/CVE/blob/main/CVE-2021-3275
- https://seclists.org/fulldisclosure/2021/Mar/67
#### Github
- https://github.com/s3curityb3ast/s3curityb3ast.github.io
Reference in New Issue View Git Blame Copy Permalink