CVE-2021-43702

Severity: 9.0 CRITICAL
EPSS: 0.5% (top 33.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 5
Latest update: Jul 6

Description

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly; if an attacker were able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.3 | Impact: 6.0

Affected Packages: 93 packages

NVD | asus/zenwifi_ac_firmware | 3.0.0.4.386.46061
NVD | asus/zenwifi_ax_firmware | 3.0.0.4.386.46061
NVD | asus/zenwifi_et8_firmware | 3.0.0.4.386.46061
NVD | asus/zenwifi_xd5_firmware | 3.0.0.4.386.46061
NVD | asus/zenwifi_xd6_firmware | 3.0.0.4.386.46061

Vulnerability Details (2)

GHSA | GHSA-vf6p-785f-8qgq: ASUS RT-A88U 3 | 2022-07-06
CVEList | CVE-2021-43702: ASUS RT-A88U 3 | 2022-07-05