CVE-2017-6547 Information

Description

Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U RT-N66U RT-AC66U RT-N66R RT-AC66R RT-AC68U RT-AC68R RT-N66W RT-AC66W RT-AC87R RT-AC87U RT-AC51U RT-AC68P RT-N11P RT-N12+ RT-N12E B1 RT-AC3200 RT-AC53U RT-AC1750 RT-AC1900P RT-N300 and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600 RT-N12+ B1 RT-N11P B1 RT-N12VP B1 RT-N12E C1 RT-N300 B1 and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/96938 https://bierbaumer.net/security/asuswrt/cross-site-scripting-xss https://www.exploit-db.com/exploits/41571/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1