Asus Rt-Ac58U Firmware vulnerabilities

5 known vulnerabilities affecting asus/rt-ac58u_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2021-43702CRITICALCVSS 9.0v3.0.0.4.386.460612022-07-05
CVE-2021-43702 [CRITICAL] CWE-79 CVE-2021-43702: ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin pa ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
nvd
CVE-2021-3128HIGHCVSS 7.5fixed in 3.0.0.4.386.42095fixed in 9.0.0.4.386.419942021-04-12
CVE-2021-3128 [HIGH] CWE-834 CVE-2021-3128: In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42 In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination
nvd
CVE-2018-18291MEDIUMCVSS 6.1v3.0.0.4.380.65162018-10-14
CVE-2018-18291 [MEDIUM] CWE-79 CVE-2018-18291: A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote a A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cg
nvd
CVE-2018-18287MEDIUMCVSS 5.3v3.0.0.4.380.65162018-10-14
CVE-2018-18287 [MEDIUM] CWE-200 CVE-2018-18287: On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.
nvd
CVE-2018-8826CRITICALCVSS 9.8v3.0.0.4.380.82282018-04-20
CVE-2018-8826 [CRITICAL] CWE-20 CVE-2018-8826: ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possi
nvd