PT-2022-21623 · Asus · Asus Dsl-N14U-B1

Federicoheichou · Published 2022-06-30 · Updated 2022-07-13 · CVE-2022-32988

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Asus DSL-N14U-B1 version 1.1.2.3_805

Description

A Cross Site Scripting (XSS) issue exists in the router Asus DSL-N14U-B1 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected, including but not limited to: "cgi-bin/APP_Installation.asp", "cgi-bin/Advanced_ACL_Content.asp", and 68 other asp files.

Recommendations

As a temporary workaround, consider disabling access to the affected asp files until a patch is available. Restrict access to the vulnerable parameters, such as filter_lwlist and keyword_rulelist, to minimize the risk of exploitation. Avoid using the vulnerable asp pages in the affected router version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-32988

Affected Products

Asus Dsl-N14U-B1