Cross-Site Scripting Vulnerability in ASUS Japan WL-330NUL Devices
CVE-2015-7790

6.1MEDIUM

Key Information:

Vendor
Asus
Status
Wl-330nul Firmware
Vendor
CVE Published:
30 December 2015

Summary

A cross-site scripting vulnerability exists on ASUS Japan WL-330NUL devices running firmware prior to version 3.0.0.42. This flaw allows remote attackers to inject arbitrary web scripts or HTML into affected devices through unspecified vectors, potentially compromising the security and privacy of users interacting with the device's web interface.

References

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000195
third-party-advisoryx_refsource_JVNDB
http://www.asus.com/jp/News/FX04LE8HN0qBoqFI
x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN89965717/index.html
third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.