CVE-2018-18291

Name of the Vulnerable Software and Affected Versions ASUS RT-AC58U version 3.0.0.4.380 6516

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via various pages, including Advanced ASUSDDNS Content.asp, Advanced WSecurity Content.asp, Advanced Wireless Content.asp, Logout.asp, Main Login.asp, MobileQIS Login.asp, QIS wizard.htma, YandexDNS.asp, ajax status.xml, apply.cgi, clients.asp, disk.asp, disk utility.asp, or internet.asp.

Recommendations For ASUS RT-AC58U version 3.0.0.4.380 6516, consider restricting access to the mentioned pages as a temporary workaround until a patch is available. Avoid using the affected device for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.