Luke Walker

**Name of the Vulnerable Software and Affected Versions** ASUS RT-A88U version 3.0.0.4.386 45898 **Description** The ASUS router admin panel does not sanitize the WiFi logs correctly. If an attacker is able to change the SSID of the router with a custom payload, they could achieve stored Cross Site Scripting (XSS) on the device. **Recommendations** For version 3.0.0.4.386 45898, consider restricting access to the admin panel and avoid using custom SSID names until a patch is available. As a temporary workaround, disabling the WiFi logs or limiting their accessibility can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sierra Wireless AirCard versions 760S, 762S, and 763S **Description** The issue concerns a CRLF injection vulnerability in the export.cfg file within the web-based administrative console. This vulnerability allows remote attackers to inject arbitrary headers via CRLF sequences in the `save` parameter. **Recommendations** For Sierra Wireless AirCard versions 760S, 762S, and 763S, consider restricting access to the web-based administrative console until a fix is available. As a temporary workaround, avoid using the `save` parameter in the export.cfg file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.