Cross-Site Scripting Vulnerability in ASUS RT-AC68U Router Firmware
CVE-2018-0582

6.1MEDIUM

Key Information:

Vendor: Asus Japan Inc.
Status: Rt-ac68u
Vendor: CVE Published:; 14 May 2018

Summary

A cross-site scripting vulnerability exists in the firmware of the ASUS RT-AC68U router. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the router's interface, potentially compromising user interaction and data integrity. Attackers may exploit this vulnerability through unspecified vectors, posing a serious risk for users who have not updated to firmware version 3.0.0.4.380.1031 or later.

Affected Version(s)

RT-AC68U Firmware version prior to 3.0.0.4.380.1031

References

http://jvn.jp/en/jp/JVN73742314/index.html

third-party-advisoryx_refsource_JVN

https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 14, 2018
Vulnerability Reserved
Nov 27, 2017