# Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting# Exploit Author: Sandip Dey# Date: 2018-07-21# Vendor Homepage:http://www.tendacn.com# Hardware Link: https://www.amazon.in/Tenda-D152-ADSL2-Modem-Router/dp/B00IM8CWTE/ref=sr_1_fkmr0_1?ie=UTF8&qid=1536170904&sr=8-1-fkmr0&keywords=Tenda+D152+ADSL+router# Category: Hardware# Tested on: Windows 8.1# CVE: CVE-2018-14497# Reproduction Steps:
Goto your Wifi Router Gateway [i.e: http://Target]
Go to -->"General Setup"-->"Wireless"--> "Basic Settings
Now change the SSID to <script>alert("Sandip")</script>and hit apply
Refresh the page,and you will get the "Sandip" pop-up
