Federicoheichou

**Name of the Vulnerable Software and Affected Versions** Asus DSL-N14U-B1 version 1.1.2.3 805 **Description** A Cross Site Scripting (XSS) issue exists in the router Asus DSL-N14U-B1 via the "*list" parameters (e.g. `filter lwlist`, `keyword rulelist`, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected, including but not limited to: "cgi-bin/APP Installation.asp", "cgi-bin/Advanced ACL Content.asp", and 68 other asp files. **Recommendations** As a temporary workaround, consider disabling access to the affected asp files until a patch is available. Restrict access to the vulnerable parameters, such as `filter lwlist` and `keyword rulelist`, to minimize the risk of exploitation. Avoid using the vulnerable asp pages in the affected router version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.