TP-Link TL-WR841N Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the TP-Link TL-WR841N router, specifically in version 14.0 through 14.8, Build 241230, Rel. 50788n. The vulnerability exists on the upnp.htm page of the web interface, where remote attackers can inject arbitrary JavaScript code via the port mapping description. This injected script is executed when the UPnP page is loaded.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the UPnP page.

Reproduction

To reproduce this vulnerability, first, log into the TP-Link TL-WR841N router's web interface. Navigate to the UPnP settings page. Inject JavaScript code into the port mapping description field. This can be done by adding multiple port mappings, as the description field has a limit of 32 characters. Once the UPnP page is loaded, the injected script will execute. The exploitation can be automated using a Python script that interacts with the router's UPnP client.

Remediation

Users can upgrade to the latest firmware version available on the TP-Link official website to address this vulnerability.