# Exploit Title: Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting# Exploit Author: Chiragh Arora# Hardware Model: Tenda AC5 AC1200# Firmware version: V15.03.06.47_multi# Tested on: Kali Linux# CVE ID: CVE-2021-3186# Date: 25.01.2021##########################################################################
Steps to Reproduce -- Navigate to the Tenda AC1200 gateway with192.168.0.1- Follow up to the WiFi Settings and click the “WiFi Name & Password” option there.- Manipulate the WiFi Name with"<script>alert(1)</script>"- Click the “Save” button &as the page refresh, you’ll got an alert stating “1” within it.
Note: It doesn’t matter which Network Name parameter (2.4 GHz or5 GHz) you’re manipulating, you’ll encounter the popup over in both of them.
