Cross site scripting

2014-04-2213:06:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.

CPENameOperatorVersion
rt-ac68u_firmwareeq<= 3.0.0.4.374-4983
rt-ac68u_firmwareeq3.0.0.4.374.4755
rt-ac68u_firmwareeq3.0.43744887
tm-ac1900eq3.0.43763169

Name	Operator	Version
rt-ac68u_firmware	eq	<= 3.0.0.4.374-4983
rt-ac68u_firmware	eq	3.0.0.4.374.4755
rt-ac68u_firmware	eq	3.0.43744887
tm-ac1900	eq	3.0.43763169

References

seclists.org/fulldisclosure/2014/Apr/59

support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29

www.asus.com/Networking/RTAC68U/HelpDesk_Download/

www.securityfocus.com/bid/66669

support.t-mobile.com/docs/DOC-21994