CVE-2024-57514

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 28, 2025

Updated: Jan 29, 2025

CWE ID 79

Summary

CVE-2024-57514 is a Cross-site Scripting (XSS) vulnerability affecting the TP-Link Archer A20 v3 router. The issue arises due to the router's improper handling of directory listing paths in its web interface. When a maliciously crafted URL is visited, the router's web page displays the directory listing and executes JavaScript embedded in the URL. This allows an attacker to inject malicious code into the page, which can be used to execute JavaScript on the victim's browser. The vulnerability was discovered in the 1.0.6 Build 20231011 rel.85717(5553) version. Successful exploitation could lead to further malicious actions against the user.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database