Authored by 0x783

Tenda AC6 AC1200 version 15.03.06.50_multi suffers from a persistent cross site scripting vulnerability.

advisories | CVE-2022-40010

# Exploit Title: Stored Cross-Site scripting in the Tenda router via the deviceId parameter in the Parental Control module
# Google Dork: None.
# Date: Aug-30-2022
# Exploit Author: 0x783
# Vendor Homepage: https://tendacn.com/default.html
# Software Link: https://www.tendacn.com/product/download/AC6.html
# Version: AC6 AC1200 Smart Dual-Band WiFi Router - V15.03.06.50_multi
# Tested on: Linux 5.15.0-58-generic
# CVE : CVE-2022-40010
-------------------------------------------------------------------------

# 1. Technical Description:
Tenda AC6 AC1200 Smart Dual-Band WiFi Router V15.03.06.50 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the deviceId parameter in the parental control section.

# Steps to reproduce:
1- Navigate to the router's web interface, usually at "http://192.168.0.1" (or whatever the address of the router is).
2- Navigate to the parental control section from the side bar.
3- Add a new device to the list with any fake MAC address, device name, URL.
4- Intercept the request using Burp Suite and change the "deviceId" parameter to any JavaScript code (e.g. <script>alert(document.domain)</script>).
5- A pop-up with the domain should appear.
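
# Mitigation sketch (added example, not vendor or author code):
The steps above work because the "deviceId" value is stored and later rendered without validation or output encoding. The sketch below shows both controls. It assumes deviceId is meant to hold a MAC address and that the request is a urlencoded form body; the "deviceName" parameter name, the function names and the sample bodies are constructed for illustration.

```javascript
// Assumption: deviceId should carry a MAC address such as AA:BB:CC:DD:EE:FF.
const MAC_RE = /^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$/;

// Encode the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Server-side check: parse the urlencoded body and reject a non-MAC deviceId
// before it is stored. Client-side checks do not count, because step 4
// modifies the request after it has left the browser.
function validateParentalControlBody(body) {
  const params = new URLSearchParams(body);
  const deviceId = params.get('deviceId');
  if (deviceId === null) return { ok: false, reason: 'deviceId missing' };
  if (!MAC_RE.test(deviceId)) return { ok: false, reason: 'deviceId is not a MAC address' };
  return { ok: true, deviceId: deviceId.toUpperCase() };
}

// Render side: encode every stored field on output, so a record saved before
// the validation existed still cannot become markup.
function renderDeviceRow(record) {
  return '<tr><td>' + escapeHtml(record.deviceId) + '</td><td>' +
    escapeHtml(record.deviceName) + '</td></tr>';
}

// Constructed sample bodies (not captured from a device).
const benignBody = 'deviceId=aa%3Abb%3Acc%3Add%3Aee%3Aff&deviceName=laptop';
const tamperedBody =
  'deviceId=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&deviceName=laptop';

console.log(validateParentalControlBody(benignBody));
console.log(validateParentalControlBody(tamperedBody));
console.log(renderDeviceRow({
  deviceId: '<script>alert(document.domain)</script>',
  deviceName: 'laptop',
}));
```

Validation alone stops the tampered request; encoding on output is what protects the page from values that are already stored.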