Zero-Day Advisory

Fortinet Discovers Persistent Cross-Site Scripting Vulnerability in Multiple Asus Routers


Fortinet's FortiGuard Labs has discovered a persistent Cross-Site Scripting (XSS) vulnerability in multiple Asus routers.

ASUSTeK Computer Incorporated (Asus) designs and manufactures a series of network routers. It's one of the best router brands in the world.

The discovered vulnerability could allow an authenticated, remote attacker to conduct an XSS attack when a user attempts to change the nickname of network equipment whose nickname has been injected with JavaScript code.
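
As an added illustration (not code from Fortinet or Asus), the sketch below shows the general shape of a persistent XSS in a device-nickname field and its fix, assuming the stored nickname is pre-filled into an edit form in the admin page. All function names, the 32-character limit, the allowed character set and the sample client records are assumptions constructed for this example.

```javascript
// Added example with hypothetical names; not Asus firmware code.
const NICKNAME_MAX = 32; // assumed limit, for illustration only

// Encode for HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'`]/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '`': '&#96;',
  }[c]));
}

// Store-time check: allow-list of characters a device nickname needs.
function isValidNickname(s) {
  return typeof s === 'string' &&
    s.length > 0 && s.length <= NICKNAME_MAX &&
    /^[\p{L}\p{N} ._'-]+$/u.test(s);
}

// Vulnerable pattern: the stored value is concatenated into the form,
// so markup saved earlier runs when someone opens the edit dialog.
function renderEditFormUnsafe(client) {
  return `<input name="nickname" value="${client.nickname}">`;
}

// Hardened pattern: the stored value is encoded at output time,
// which also neutralises entries saved before validation existed.
function renderEditFormSafe(client) {
  return `<input name="nickname" value="${escapeHtml(client.nickname)}">`;
}

// Audit stored entries: a persistent payload stays until it is cleaned up.
function findSuspectNicknames(clients) {
  return clients.filter(c => !isValidNickname(c.nickname)).map(c => c.mac);
}

// Constructed sample data (documentation-range MAC addresses).
const clients = [
  { mac: '00:00:5E:00:53:01', nickname: "Anna's laptop" },
  { mac: '00:00:5E:00:53:02', nickname: '"><script>alert(1)</script>' },
];

console.log(findSuspectNicknames(clients));
console.log(renderEditFormSafe(clients[1]));
```

Validation at store time and encoding at render time are complementary: the first keeps new payloads out, the second protects against values already stored.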


FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

Released May 29, 2018

Users should apply the solution provided by Asus.

Additional Information

Many Asus router models are affected:

RT-N12 D1



Fortinet reported the vulnerability to Asus on April 02, 2018

Asus confirmed the vulnerability on April 05, 2018

Asus released a patch for the vulnerability on May 21, 2018


This vulnerability was discovered by Yonghui Han of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.