PT-2017-17147 · Asus · Asus Rt-N12+ Pro+19
Bruno Bierbaumer · Published 2017-03-09 · Updated 2017-08-16 · CVE-2017-6547
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers versions prior to 3.0.0.4.380.7378
ASUS RT-AC68W routers versions prior to 3.0.0.4.380.7266
ASUS RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers versions prior to 3.0.0.4.380.9488
Description
A cross-site scripting (XSS) issue exists in the httpd service of various ASUS routers, allowing remote attackers to inject arbitrary JavaScript code by requesting filenames longer than 50 characters.
Recommendations
For ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers, update the firmware to version 3.0.0.4.380.7378 or later.
For ASUS RT-AC68W routers, update the firmware to version 3.0.0.4.380.7266 or later.
For ASUS RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers, update the firmware to version 3.0.0.4.380.9488 or later.
Exploit
Fix
XSS
Affected Products
Asus Rt-Ac1750
Asus Rt-Ac1900P
Asus Rt-Ac3200
Asus Rt-Ac51U
Asus Rt-Ac53U
Asus Rt-Ac66U
Asus Rt-Ac68U
Asus Rt-Ac750
Asus Rt-Ac87U
Asus Rt-N11P
Asus Rt-N11P B1
Asus Rt-N12+
Asus Rt-N12+ B1
Asus Rt-N12+ Pro
Asus Rt-N12E B1
Asus Rt-N300
Asus Rt-N300 B1
Asus Rt-N56U
Asus Rt-N600
Asus Rt-N66U