Skip to content

Latest commit

 

History

History
28 lines (16 loc) · 1.11 KB

File metadata and controls

28 lines (16 loc) · 1.11 KB

TOTOLINK X2000R XSS Vulnerability (VPN)

Description

A Store Cross-site scripting (XSS) vulnerability in VPN Page of TOTOLINK X2000R Gh before version V1.0.0-B20231213.1013.

TOTOLINK X2000R version information

  • Device:TOTOLINK X2000R
  • Firmware Version:V1.0.0-B20231213.1013
  • Manufacturer's website information:https://www.totolink.net/

Vulnerability information

In the "VPN" page, there is an option to start up the vpn server. This setting allows user to provide external connection function.

In this page, users can configure VPN Server by opening this function. And users can choose two VPN connection agreements: PPTP and L2TP.

There is a Store Cross-site scripting vulnerability in "Comment" input box. We can simply input <svg/onload=alert()> to trigger the vulnerability.

After inputting the payload, the web site will execute the javascript we just inputted.This is a Store Cross-site scripting vulnerability, if someone else visits the page, the javascript will also be executed.

Additionally, we found that both "PPTP" and "L2TP" options have the same issue.