Cyber Resilience

CVE-2024-57514

Medium

Published: 28 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: none referenced
CVSS Score v3.1: 4.8 (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS Score: 0.0777 (92.1st percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57514 is a medium-severity cross-site scripting (CWE-79) vulnerability in the web interface of the TP-Link Archer A20 v3 router, firmware 1.0.6 Build 20231011 rel.85717(5553). Its CVSS v3.1 base score is 4.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Keylogging (T1056.001). The CVE ranks in the top 7.9% of CVEs by EPSS exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering). Both apply to the router's web server code, so they can only be delivered in a firmware fix.

Deeper analysis

The TP-Link Archer A20 v3 router running firmware version 1.0.6 Build 20231011 rel.85717(5553) contains a reflected cross-site scripting vulnerability (CWE-79) in its web interface. The flaw stems from improper handling of directory listing paths: the path taken from the request URL is written into the listing page without validation or output encoding, so a crafted URL makes the page render attacker-controlled markup and execute the JavaScript embedded in it.

An attacker on an adjacent network (AV:A) who already holds low-privilege access (PR:L) supplies a crafted URL, and the victim has to open it while using the router's web interface (UI:R). Successful exploitation runs JavaScript in the victim's browser with low confidentiality and integrity impact and no availability impact (C:L/I:L/A:N). The scope is changed (S:C) because the payload executes in the victim's browser, a different security authority from the router's web server; the required user interaction, the adjacent-network vector and the limited impact are what keep the score at 4.8.

The vulnerability was detailed in public analysis at zyenra.com; no vendor advisory or patch is referenced. EPSS rose from a low baseline to a peak of 0.1360 on 2025-12-11 before receding to the current 0.0777, indicating a period of increased exploitation interest after disclosure. Because the fix has to land in the router firmware, the practical mitigation until a patch is referenced follows from the vector: keep the admin interface reachable only from trusted network segments and avoid opening untrusted links while logged in to it.

Vulnerability details

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL. This allows the attacker to inject malicious code into the page, executing JavaScript in the victim's browser, which could then be used for further malicious actions. The vulnerability was identified in the 1.0.6 Build 20231011 rel.85717(5553) version.

CWE(s)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1056.001 Keylogging (Collection)
Adversaries may log user keystrokes to intercept credentials as the user types them.
T1185 Browser Session Hijacking (Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

XSS gives the attacker arbitrary JavaScript execution in the victim's browser context, which directly facilitates keylogging (T1056.001), browser session hijacking (T1185) and web session cookie theft (T1539). The CVE description itself only says the script "could then be used for further malicious actions"; these three are the usual follow-ons when the script runs inside an authenticated router admin session.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-26541 (shared CWE-79)
CVE-2025-26587 (shared CWE-79)
CVE-2025-23786 (shared CWE-79)
CVE-2025-24632 (shared CWE-79)
CVE-2026-2834 (shared CWE-79)
CVE-2026-32277 (shared CWE-79)
CVE-2026-35035 (shared CWE-79)
CVE-2026-46367 (shared CWE-79)
CVE-2025-25102 (shared CWE-79)
CVE-2025-26918 (shared CWE-79)

Affected Assets

TP-Link Archer A20 v3, firmware 1.0.6 Build 20231011 rel.85717(5553)
Taken from the vulnerability description; NVD did not file a CPE for this CVE. "Zyenra" is the domain of the public analysis cited in the references, not the affected product.

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-15 Information Output Filtering (prevent)

Filters information output in the web interface to prevent rendering and execution of arbitrary JavaScript from specially crafted directory listing paths.

SI-10 Information Input Validation (prevent)

Validates URL path inputs to the router's web interface to reject malformed or malicious directory listing requests that trigger XSS.

SI-2 Flaw Remediation (prevent; the page's summary names only SI-10 and SI-15, the control ID here is inferred from the description)

Identifies and remediates the specific XSS flaw in the TP-Link Archer A20 v3 web interface through timely patching or code fixes.

References

Public analysis at zyenra.com (cited in the deeper analysis above). No vendor advisory or patch reference is listed for this CVE.