Cross-Site Scripting Vulnerabilities in ASUS RT-G32 Routers
CVE-2015-2681

Currently unrated

Key Information:

Vendor: Asus
Status: Rt-g32 Firmware
Vendor: CVE Published:; 23 March 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist within the ASUS RT-G32 routers, specifically in firmware versions 2.0.2.6 and 2.0.3.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML through specific parameters in requests to start_apply.htm. Exploiting these vulnerabilities could potentially lead to unauthorized actions and compromise user security, emphasizing the importance of applying necessary patches and updates to mitigate risks.

References

http://seclists.org/fulldisclosure/2015/Mar/42

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/130724/ASUS-RT-G32-C...

x_refsource_MISC

http://websecurity.com.ua/7644/

x_refsource_MISC

Timeline

Vulnerability published
Mar 23, 2015
Vulnerability Reserved
Mar 23, 2015