- Description
- The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL. This allows the attacker to inject malicious code into the page, executing JavaScript on the victim's browser, which could then be used for further malicious actions. The vulnerability was identified in the 1.0.6 Build 20231011 rel.85717(5553) version.
- Source
- cve@mitre.org
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 4.8
- Impact score
- 2.7
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score
- Not currently trending
#exploit 1. CVE-2024-57514: XSS in TP-Link A20 v3 Router - https://t.co/HA0f0sLlHa 2. CVE-2025-21293: AD Domain Services EoP - https://t.co/AwLqPE5vYQ 3. CVE-2025-24118: macOS XNU kernel vulnerability - https://t.co/igtmkN1Gac 4. CVE-2024-8381: SpiderMonkey Interpreter Type… h
@ksg93rd
3 Feb 2025
244 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Wi-FiルータTP-Link Archer A20 v3に反射型クロスサイトスクリプティングの脆弱性。CVE-2024-57514はディレクトリ表示時のサニタイジング不備に起因。Tp-Link公式確認済みだが、保守期限切れ(EOL)のためパッチは提供されない。 https://t.co/pPdRzDz5iq
@__kokumoto
29 Jan 2025
1708 Impressions
5 Retweets
15 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-57514 The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a speciall… https://t.co/5Ol4zqlBMT
@CVEnew
28 Jan 2025
427 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes