Search
Find a vulnerability
Search criteria
2 vulnerabilities found for 4g-ac53u_firmware by asus
CVE-2021-43702 (GCVE-0-2021-43702)
Vulnerability from nvd – Published: 2022-07-05 11:50 – Updated: 2024-08-04 04:03
VLAI
Summary
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.asus.com/uk/Networking-IoT-Servers/Wi… | x_refsource_MISC |
| https://www.kroll.com/en/insights/publications/cy… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-05T11:50:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/",
"refsource": "MISC",
"url": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/"
},
{
"name": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch",
"refsource": "MISC",
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43702",
"datePublished": "2022-07-05T11:50:03.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43702 (GCVE-0-2021-43702)
Vulnerability from cvelistv5 – Published: 2022-07-05 11:50 – Updated: 2024-08-04 04:03
VLAI
Summary
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.asus.com/uk/Networking-IoT-Servers/Wi… | x_refsource_MISC |
| https://www.kroll.com/en/insights/publications/cy… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-05T11:50:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/",
"refsource": "MISC",
"url": "https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/"
},
{
"name": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch",
"refsource": "MISC",
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43702",
"datePublished": "2022-07-05T11:50:03.000Z",
"dateReserved": "2021-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}