[] NeoSense
E X P L O I T S
title author type platform port cve id

TP-Link wireless router Archer C1200 - Cross-Site Scripting

Author: Usman Saeed
type: webapps
platform: hardware
port: 80.0
date_added: 2018-12-11 
date_updated: 2018-12-12 
verified: 0 
codes: CVE-2018-13134 
tags: Cross-Site Scripting (XSS)
aliases:  
screenshot_url:  
application_url: 
[+] Unauthenticated

[+] Author: Usman Saeed (usman [at] xc0re.net)

[+] Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU

[·] Impact: Client side attacks are very common and are the source of maximum number of user compromises. With this attack, the threat actor can steal cookies, redirect an innocent victim to a malicious website, thus compromising the user.

[·] Reason: The remote webserver does not filter special characters or illegal input.

[+] Attack type: Remote

[+] Patch Status: Unpatched

[+] Exploitation:

[!] The Cross-site scripting vector can be executed, as illustrated below

http://hostname/webpages/data/_._.<img src=a onerror=alert(“Reflected-XSS”)>../..%2f
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.