CVE-2015-1437

Name of the Vulnerable Software and Affected Versions Asus RT-N10+ D1 router version 2.1.1.1.70

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the flag parameter in the API endpoints result of get changed status.asp and error page.htm is vulnerable.

Recommendations For Asus RT-N10+ D1 router version 2.1.1.1.70, consider disabling access to the result of get changed status.asp and error page.htm endpoints until a patch is available. Avoid using the flag parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.