CVE-2014-2925

Name of the Vulnerable Software and Affected Versions ASUS RT-AC68U and other RT series routers versions prior to 3.0.0.4.374.5047

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the current page parameter to "apply.cgi".

Recommendations For versions prior to 3.0.0.4.374.5047, update the firmware to version 3.0.0.4.374.5047 or later to resolve the issue. As a temporary workaround, consider restricting access to the "apply.cgi" endpoint to minimize the risk of exploitation. Avoid using the current page parameter in the affected endpoint until the issue is resolved.