Threat Encyclopedia

ASUS.Routers.Web.Management.Page.XSS

Description

This indicates an attack attempt against a Cross-Site Scripting (XSS) vulnerability in the Web management page of Asus routers.
The vulnerability is due to insufficient sanitizing of user-supplied inputs in the application when handling a crafted request. An authenticated, remote attacker could exploit this to conduct an XSS attack when a user attempts to change the nickname of the network equipment whose nickname has been injected with JavaScript code.
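
The flaw class described above, shown as an added example that is not ASUS firmware code: a stored device nickname concatenated into the rename form without encoding, next to a version that validates the nickname when it is saved and encodes it when it is rendered. All function names, the form markup, the nickname policy and the sample records are assumptions made for illustration.

```javascript
// Added illustration; names, markup and the nickname policy are hypothetical.

// Encode the five HTML-significant characters so a stored nickname is
// treated as text, not markup, in element and quoted-attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side check applied when a nickname is saved.
// Assumed policy: letters, digits, space, '_', '.', '-', 1 to 32 characters.
const NICKNAME_RE = /^[A-Za-z0-9 _.\-]{1,32}$/;
function isValidNickname(value) {
  return typeof value === 'string' && NICKNAME_RE.test(value);
}

// Vulnerable pattern: the stored nickname is concatenated into the form, so
// a quote in the value ends the attribute and the rest is parsed as markup.
function renderRenameFieldUnsafe(client) {
  return '<input name="nick" value="' + client.nickname + '">';
}

// Hardened pattern: encode at output even if input validation exists,
// because records saved before the check was added may still be stored.
function renderRenameFieldSafe(client) {
  return '<input name="nick" value="' + escapeHtml(client.nickname) + '">';
}

// Constructed sample client list (documentation-range MAC addresses).
const storedClients = [
  { mac: '00:00:5E:00:53:01', nickname: 'Living room TV' },
  { mac: '00:00:5E:00:53:02', nickname: '"><script>alert(1)</script>' },
];

// Report, for each stored record, whether it passes the save-time policy.
function auditNicknames(clients) {
  return clients.map((c) => ({ mac: c.mac, valid: isValidNickname(c.nickname) }));
}

for (const c of storedClients) {
  console.log(isValidNickname(c.nickname) ? 'ok     ' : 'REJECT ', renderRenameFieldSafe(c));
}
```

Running the audit function over an exported client list is a quick way to find nicknames that were stored before validation was in place.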

Affected Products

Many Asus router models are affected:
RT-AC66U
RT-AC58U
RT-AC54U
RT-AC51U
RT-AC1200HP
RT-ACRH13
RT-N66U
RT-N12 D1
RT-N12HP B1

Impact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.asus.com/us/support/#

CVE References

CVE-2018-13154