Tenda AC18 Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Tenda AC18 router running firmware version 15.03.05.05_multi. This vulnerability resides in the SSID parameter within the wireless settings. Remote attackers can inject malicious scripts that are executed when users visit the router's homepage, potentially leading to session hijacking and complete compromise of the router.

Impact

Exploitation of this vulnerability allows for session hijacking and theft of authentication tokens, which could lead to full administrative control of the router.

Reproduction

To reproduce this vulnerability, first log into the Tenda AC18 router's web interface. After authentication, send a POST request to the '/goform/WifiBasicSet' endpoint, including a malicious JavaScript payload in the 'ssid' parameter. This injected script will be stored in the router's configuration. The vulnerability is triggered when any authenticated user, including administrators, visits the '/main.html' dashboard, at which point the stored script executes in their browser.