Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2925

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2925
Last Modified 17 Sep 2015 09:59:21
Published 22 Apr 2014 09:06:30
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2925

Summary

Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.

Vulnerable Systems

Operating System

  • Asus Rt-ac68u Firmware 3.0.0.4.374 4887

  • Asus Rt-ac68u Firmware 3.0.0.4.374 4983

  • Asus Rt-ac68u Firmware 3.0.0.4.374.4755


References

CONFIRM - http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/

CONFIRM - http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29

FULLDISC - 20140404 Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface

BID - 66669

CONFIRM - https://support.t-mobile.com/docs/DOC-21994


Last Updated: 27 May 2016 11:05:03