CVE-2020-14965
██╗ ██╗████████╗███╗ ███╗██╗ ██╗███╗ ██╗ ██╗███████╗ ██████╗████████╗██╗ ██████╗ ███╗ ██╗
██║ ██║╚══██╔══╝████╗ ████║██║ ██║████╗ ██║ ██║██╔════╝██╔════╝╚══██╔══╝██║██╔═══██╗████╗ ██║
███████║ ██║ ██╔████╔██║██║ ██║██╔██╗ ██║ ██║█████╗ ██║ ██║ ██║██║ ██║██╔██╗ ██║
██╔══██║ ██║ ██║╚██╔╝██║██║ ██║██║╚██╗██║██ ██║██╔══╝ ██║ ██║ ██║██║ ██║██║╚██╗██║
██║ ██║ ██║ ██║ ╚═╝ ██║███████╗ ██║██║ ╚████║╚█████╔╝███████╗╚██████╗ ██║ ██║╚██████╔╝██║ ╚████║
╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝╚══════╝ ╚═╝╚═╝ ╚═══╝ ╚════╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝
TP-LINK - Multiple HTML Injection Vulnerabilities
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name.
Researcher: Guilherme Rubert
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14965