PT-2025-6887 · Asus · Asus Rt-N12+
Fergod
·
Published
2025-02-16
·
Updated
2025-03-13
·
CVE-2025-1354
CVSS v4.0
4.8
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Asus RT-N12E version 2.0.0.19
Description:
A vulnerability was found in the Asus RT-N12E, classified as problematic. It affects an unknown function of the file sysinfo.asp. The manipulation of the
SSID argument leads to cross-site scripting. This attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.Recommendations:
For Asus RT-N12E version 2.0.0.19, as a temporary workaround, consider restricting access to the sysinfo.asp file until a patch is available. Avoid using the
SSID argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Asus Rt-N12+