XSS in Asus Rt-ac68u
CVE-2014-2925
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_pag…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (57.0th percentile) — read the EPSS interpretation.
Affected products
- Asus Rt-ac68u
- Asus Rt-ac68u_firmware — versions 3.0.0.4.374.4755, 3.0.0.4.374_4887
- T-mobile Tm-ac1900 — versions 3.0.0.4.376_3169
- N/a — versions n/a
Weakness classification (CWE)
References
- 20140404 Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- 66669 (Exploit, vdb-entry, x_refsource_BID)