ASUS RT-AX88U - Stored XSS
CVE-2023-34360

8.2HIGH

Key Information:

Vendor: Asus
Status: Rt-ax88u
Vendor: CVE Published:; 31 July 2023

Summary

A security flaw has been identified in the Custom User Icons feature of the ASUS RT-AX88U router. This vulnerability allows a remote attacker with regular user access to execute a stored cross-site scripting (XSS) attack by uploading an image containing malicious JavaScript code. This could lead to unauthorized actions on behalf of the user and compromise sensitive information. Users are advised to upgrade to the latest firmware version to mitigate this risk.

Affected Version(s)

RT-AX88U <= 3.0.0.4.388.23110

References

https://https://www.twcert.org.tw/tw/cp-132-7281-dc87d-1....

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 31, 2023
Vulnerability Reserved
Jun 2, 2023