Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for RT-AC68U by ASUS Japan Inc.

    CVE-2018-0582 (GCVE-0-2018-0582)

    Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN73742314/index.html third-party-advisoryx_refsource_JVN
    https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/ x_refsource_MISC
    Impacted products
    Vendor Product Version
    ASUS Japan Inc. RT-AC68U Affected: Firmware version prior to 3.0.0.4.380.1031
    Create a notification for this product.
    Date Public
    2018-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#73742314",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73742314/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RT-AC68U",
              "vendor": "ASUS Japan Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware version prior to 3.0.0.4.380.1031"
                }
              ]
            }
          ],
          "datePublic": "2018-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-14T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#73742314",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73742314/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RT-AC68U",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware version prior to 3.0.0.4.380.1031"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ASUS Japan Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#73742314",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73742314/index.html"
                },
                {
                  "name": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/",
                  "refsource": "MISC",
                  "url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0582",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0582 (GCVE-0-2018-0582)

    Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN73742314/index.html third-party-advisoryx_refsource_JVN
    https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/ x_refsource_MISC
    Impacted products
    Vendor Product Version
    ASUS Japan Inc. RT-AC68U Affected: Firmware version prior to 3.0.0.4.380.1031
    Create a notification for this product.
    Date Public
    2018-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#73742314",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73742314/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RT-AC68U",
              "vendor": "ASUS Japan Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Firmware version prior to 3.0.0.4.380.1031"
                }
              ]
            }
          ],
          "datePublic": "2018-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-14T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#73742314",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73742314/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RT-AC68U",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Firmware version prior to 3.0.0.4.380.1031"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ASUS Japan Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#73742314",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73742314/index.html"
                },
                {
                  "name": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/",
                  "refsource": "MISC",
                  "url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0582",
        "datePublished": "2018-05-14T13:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2015-000012

    Vulnerability from jvndb - Published: 2015-01-27 14:24 - Updated:2015-06-17 16:42
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery
    Details
    Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000012.html",
      "dc:date": "2015-06-17T16:42+09:00",
      "dcterms:issued": "2015-01-27T14:24+09:00",
      "dcterms:modified": "2015-06-17T16:42+09:00",
      "description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000012.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:misc:asus_japan_rt-ac56s",
          "@product": "RT-AC56S",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:misc:asus_japan_rt-ac68u",
          "@product": "RT-AC68U",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:misc:asus_japan_rt-ac87u",
          "@product": "RT-AC87U",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:misc:asus_japan_rt-n56u",
          "@product": "RT-N56U",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:misc:asus_japan_rt-n66u",
          "@product": "RT-N66U",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000012",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN32631078/index.html",
          "@id": "JVN#32631078",
          "@source": "JVN"
        },
        {
          "#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7270",
          "@id": "CVE-2014-7270",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7270",
          "@id": "CVE-2014-7270",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery"
    }

    JVNDB-2015-000011

    Vulnerability from jvndb - Published: 2015-01-27 14:23 - Updated:2015-06-17 16:42
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple ASUS wireless LAN routers vulnerable to OS command injection
    Details
    Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
      "dc:date": "2015-06-17T16:42+09:00",
      "dcterms:issued": "2015-01-27T14:23+09:00",
      "dcterms:modified": "2015-06-17T16:42+09:00",
      "description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:misc:asus_japan_rt-ac56s",
          "@product": "RT-AC56S",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:misc:asus_japan_rt-ac68u",
          "@product": "RT-AC68U",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:misc:asus_japan_rt-ac87u",
          "@product": "RT-AC87U",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:misc:asus_japan_rt-n56u",
          "@product": "RT-N56U",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:misc:asus_japan_rt-n66u",
          "@product": "RT-N66U",
          "@vendor": "ASUS JAPAN Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.2",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000011",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN77792759/index.html",
          "@id": "JVN#77792759",
          "@source": "JVN"
        },
        {
          "#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269",
          "@id": "CVE-2014-7269",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269",
          "@id": "CVE-2014-7269",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple ASUS wireless LAN routers vulnerable to OS command injection"
    }