ASUS RT-AC88U Firmware vulnerabilities

5 known vulnerabilities affecting asus/rt-ac88u_firmware.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3

Vulnerabilities

CVE-2021-43702 | CRITICAL | CVSS 9.0 | v3.0.0.4.386.46061 | 2022-07-05
CWE-79: ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly; if an attacker were able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
nvd
CVE-2021-3128 | HIGH | CVSS 7.5 | fixed in 3.0.0.4.386.42095 | fixed in 9.0.0.4.386.41994 | 2021-04-12
CWE-834: In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination
nvd
CVE-2020-29655 | HIGH | CVSS 7.5 | fixed in 3.1.0.108 | 2020-12-09
CWE-74: An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text inject
nvd
CVE-2020-29656 | HIGH | CVSS 7.5 | fixed in 3.1.0.108 | 2020-12-09
CWE-425: An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach "unknown functionality" in a "known to be easy" manner via an unspecified "public exploit."
nvd
CVE-2018-9285 | CRITICAL | CVSS 9.8 | PoC | fixed in 3.0.0.4.384.10007 | 2018-04-04
CWE-78: Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and
nvd