Cudy TR1200 Cross-Site Scripting Vulnerability in Wireless Settings Page

A cross-site scripting (XSS) vulnerability has been identified in the Cudy TR1200 router, specifically in the wireless settings page of the administration interface. This issue affects version 1.16.3-20230804-164635. The vulnerability arises from an unknown function in the file '/cgi-bin/luci/admin/network/wireless/config/', where manipulation of the SSID argument allows for the injection of malicious JavaScript. The exploitation can be done remotely and requires authentication as an administrator.

Impact

Exploitation of this vulnerability allows for the execution of injected JavaScript in the context of an authenticated administrator. This could lead to session hijacking, bypassing Cross-Site Request Forgery (CSRF) protections, and performing administrative actions on behalf of the victim. Since the payload is stored, it persists across sessions and can affect other administrators.

Reproduction

To reproduce this vulnerability, log into the router's web administration panel and navigate to the wireless settings. Inject a script payload into the SSID field for either the 2.4 GHz or 5 GHz network, then save the changes. The injected script will execute the next time the administrator accesses the settings.