Zero-Day Advisory
Fortinet Discovers Persistent Cross-Site Scripting Vulnerability in Multiple Asus Routers
Summary
Fortinet's FortiGuard Labs has discovered a persistent Cross-Site Scripting (XSS) vulnerability in multiple Asus routers.
ASUSTeK Computer Incorporated (Asus) designs and manufactures a series of network routers. It is one of the best router brands in the world.
The discovered vulnerability could allow an authenticated, remote attacker to conduct an XSS attack: when a user attempts to change the nickname of a network device whose stored nickname contains injected JavaScript code, that code is rendered into the management page and executes in the user's browser.
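The rendering flaw the advisory describes, as an added example that is neither Asus firmware nor Fortinet code: a nickname stored for a LAN client is interpolated raw into the management page's edit form, and the fix is contextual HTML escaping at render time plus validation at write time. The device records, field names and validation rule below are constructed assumptions.

```javascript
// Added example (not Asus firmware or Fortinet code): a stored device
// nickname becomes persistent XSS when the web UI builds its edit form
// by string concatenation; contextual escaping prevents it.

// Constructed sample client table. The second nickname is a placeholder
// for a value a LAN client could have stored earlier (e.g. as hostname).
const STORED_CLIENTS = [
  { mac: "aa:bb:cc:dd:ee:01", nickname: "living-room-tv" },
  { mac: "aa:bb:cc:dd:ee:02", nickname: '"><script>alert(1)</script>' },
];

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the untrusted nickname is interpolated unescaped,
// so a stored quote and angle bracket close the attribute and add markup.
function renderNicknameFormUnsafe(client) {
  return `<input name="nick" value="${client.nickname}">`;
}

// Hardened: same markup, untrusted value escaped for the attribute context.
function renderNicknameFormSafe(client) {
  return `<input name="nick" value="${escapeHtml(client.nickname)}">`;
}

// Write-time validation (assumed policy): only a conservative character set
// and a bounded length are accepted when a nickname is stored.
function isValidNickname(nick) {
  return typeof nick === "string" && /^[A-Za-z0-9 ._-]{1,32}$/.test(nick);
}

// Count tags in rendered output; a correctly rendered form has exactly one.
function tagCount(html) {
  return (html.match(/</g) || []).length;
}

function renderAll(clients, render) {
  return clients.map(render);
}
```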
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: Asus.Router.Web.Management.Page.XSS
Released May 29, 2018
Users should apply the solution provided by Asus.
Additional Information
Many Asus router models are affected:
RT-AC66U
RT-AC58U
RT-AC54U
RT-AC51U
RT-AC1200HP
RT-ACRH13
RT-N66U
RT-N12 D1
RT-N12HP B1
Timeline
Fortinet reported the vulnerability to Asus on April 02, 2018
Asus confirmed the vulnerability on April 05, 2018
Asus released a patch for the vulnerability on May 21, 2018
References
https://www.asus.com/Networking/RTAC66U/HelpDesk_BIOS/
https://www.asus.com/Networking/RT-AC58U/HelpDesk_BIOS/
https://www.asus.com/Networking/RTAC54U/HelpDesk_BIOS/
https://www.asus.com/Networking/RTAC51U/HelpDesk_BIOS/
https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/
https://www.asus.com/Networking/RTN66U/HelpDesk_BIOS/
https://www.asus.com/Networking/RTN12_D1/HelpDesk_BIOS/
https://www.asus.com/Networking/RTN12HP_B1/HelpDesk_BIOS/
CVE-2018-13154
Acknowledgement
This vulnerability was discovered by Yonghui Han of Fortinet's FortiGuard Labs.