Posted by Simon Waters (Surevine) on Nov 28

XSS in DHCP name has been reported on the Full Disclosure mailing list for other models of TP-Link Router before.

Seems to be generic to many TP-Link models.

My model has a regular line wrap to the DHCP hostname field, so you need to insert a comment into HTML or JS every N
characters into any exploit code, but it is fully exploitable, and you can write arbitrary JS in that space with a
little effort.

The attacker would have to inject…