CVE-2020-29655

CWE-743 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 53.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Rt-ac88u Firmware
Timeline
PublishedDec 9
Latest updateMay 24

Description

An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDasus/rt-ac88u_firmware< 3.1.0.108

🔴Vulnerability Details

2
GHSA
GHSA-c3hj-2397-cgqm: An injection vulnerability exists in RT-AC88U Download Master before 32022-05-24
CVEList
CVE-2020-29655: An injection vulnerability exists in RT-AC88U Download Master before 32020-12-09
CVE-2020-29655 (HIGH CVSS 7.5) | An injection vulnerability exists i | cvebase.io