CVE-2018-18291 Information

Description

A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp Advanced_WSecurity_Content.asp Advanced_Wireless_Content.asp Logout.asp Main_Login.asp MobileQIS_Login.asp QIS_wizard.htma YandexDNS.asp ajax_status.xml apply.cgi clients.asp disk.asp disk_utility.asp or internet.asp.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/remix30303/AsusXSS/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1