Cross-Site Scripting Vulnerability in ASUS RT-AC58U by ASUS
CVE-2018-18291

6.1MEDIUM

Key Information:

Vendor: Asus
Status: Rt-ac58u Firmware
Vendor: CVE Published:; 14 October 2018

What is CVE-2018-18291?

The vulnerability allows remote attackers to execute arbitrary scripts on the ASUS RT-AC58U device through specific pages, including login and settings interfaces. By leveraging this flaw, an attacker can inject malicious web scripts, compromising user data and potentially leading to further exploitation of the network.

References

https://github.com/remix30303/AsusXSS/

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 14, 2018