CVE-2024-57514
Published: 28 January 2025
Summary
CVE-2024-57514 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Zyenra (inferred from references). Its CVSS base score is 4.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Keylogging (T1056.001); ranked in the top 7.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
The TP-Link Archer A20 v3 router running firmware version 1.0.6 Build 20231011 rel.85717(5553) contains a cross-site scripting vulnerability (CWE-79) in its web interface. The flaw stems from improper handling of directory listing paths, allowing a crafted URL to cause the page to render attacker-controlled content and execute embedded JavaScript.
An attacker on the adjacent network with low privileges can supply a malicious URL that a victim user visits through the router's web interface. Successful exploitation results in JavaScript execution in the victim's browser with limited confidentiality and integrity impact, as reflected in the CVSS 4.8 rating requiring user interaction and scoped to the affected component.
The vulnerability was detailed in public analysis at zyenra.com, with no vendor advisory or patch information referenced. EPSS rose from a low baseline to a peak of 0.1360 on 2025-12-11 before receding to the current value of 0.0777, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53606
Vulnerability details
The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and…
more
executes arbitrary JavaScript embedded in the URL. This allows the attacker to inject malicious code into the page, executing JavaScript on the victim's browser, which could then be used for further malicious actions. The vulnerability was identified in the 1.0.6 Build 20231011 rel.85717(5553) version.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS enables arbitrary JS execution in victim browser context, directly facilitating keylogging (T1056.001), browser session hijacking (T1185), and web session cookie theft (T1539) as described in the CVE impacts.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Filters information output in the web interface to prevent rendering and execution of arbitrary JavaScript from specially crafted directory listing paths.
Validates URL path inputs to the router's web interface to reject malformed or malicious directory listing requests that trigger XSS.
Identifies and remediates the specific XSS flaw in the TP-Link Archer A20 v3 web interface through timely patching or code fixes.