PT-2025-1301 · Tp Link · Tp-Link Archer C20

Ravindu Wickramasinghe +1 · Published 2025-01-28 · Updated 2025-02-19 · CVE-2024-57514

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TP-Link Archer A20 v3 version 1.0.6 Build 20231011 rel.85717(5553)

Description

The issue arises from improper handling of directory listing paths in the web interface, allowing for Cross-site Scripting (XSS) attacks. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL. This enables an attacker to inject malicious code into the page, executing JavaScript on the victim's browser, which could then be used for further malicious actions.

Recommendations

For TP-Link Archer A20 v3 version 1.0.6 Build 20231011 rel.85717(5553), consider disabling access to the web interface until a patch is available to prevent potential exploitation. Restrict access to the router's web page to minimize the risk of XSS attacks. Avoid using the router's web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

XSS

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-00884
CVE-2024-57514

Affected Products

Tp-Link Archer C20