PT-2023-7549 · Asus · Asus Rt-Ax88U
Published: 2023-07-31 · Updated: 2023-08-04 · CVE-2023-34360
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
ASUS RT-AX88U versions 3.0.0.4.388.23110 and prior
Description
A stored cross-site scripting (XSS) issue was discovered in the Custom User Icons functionality. A remote attacker who has logged in to the device with regular user privileges can carry out a stored XSS attack by uploading an image that contains JavaScript code. The vulnerability exists because the structure of the web page is not protected, which allows the remote attacker to conduct the XSS attack.
Recommendations
For versions 3.0.0.4.388.23110 and prior, consider disabling the Custom User Icons functionality as a temporary workaround until a patch is available. Restrict access to the vulnerable functionality to minimize the risk of exploitation. Avoid uploading images that may contain JavaScript code to the Custom User Icons feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Affected Products
Asus Rt-Ax88U