ASUS.Routers.Web.Management.Page.XSS
Description
This indicates an attack attempt against a Cross-Site Scripting (XSS) vulnerability in the Web management page of Asus routers.
The vulnerability is due to insufficient sanitization of user-supplied input when the application handles a crafted request. An authenticated, remote attacker could exploit this to conduct an XSS attack when a user attempts to change the nickname of network equipment whose nickname has been injected with JavaScript code.
Affected Products
Many Asus router models are affected:
RT-AC66U
RT-AC58U
RT-AC54U
RT-AC51U
RT-AC1200HP
RT-ACRH13
RT-N66U
RT-N12 D1
RT-N12HP B1
Impact
System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.asus.com/us/support/#
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2019-11-22 | 15.729 | Name:Asus.Router.Web.Management.Page.XSS:ASUS.Routers.Web.Management.Page.XSS |