Cross Site Scripting Vulnerability in Asus RT-N12E Router
CVE-2025-1354

4.8MEDIUM

Key Information:

Vendor
Asus
Status
Rt-n12e
Rt-n10e
Vendor
CVE Published:
16 February 2025

Summary

A vulnerability has been identified in the Asus RT-N12E with version 2.0.0.19, due to an exposure in the sysinfo.asp file. This flaw allows attackers to manipulate the SSID argument, enabling them to execute cross site scripting (XSS) attacks remotely. The reported exploit has been made public, raising significant security concerns. Despite early notification of this issue, the vendor has not provided any acknowledgment or remedial action.

Affected Version(s)

RT-N10E before 2.0.0.39

RT-N12E before 2.0.0.39

References

https://vuldb.com/?id.295962
vdb-entrytechnical-description
https://vuldb.com/?ctiid.295962
signaturepermissions-required
https://vuldb.com/?submit.496013
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fergod (VulDB User)
.