CVE-2022-32988 Information
Description
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "list" parameters (e.g. filter_lwlist, keyword_rulelist, etc.) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp (2) cgi-bin/Advanced_ACL_Content.asp (3) cgi-bin/Advanced_ADSL_Content.asp (4) cgi-bin/Advanced_ASUSDDNS_Content.asp (5) cgi-bin/Advanced_AiDisk_ftp.asp (6) cgi-bin/Advanced_AiDisk_samba.asp (7) cgi-bin/Advanced_DSL_Content.asp (8) cgi-bin/Advanced_Firewall_Content.asp (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp (10) cgi-bin/Advanced_GWStaticRoute_Content.asp (11) cgi-bin/Advanced_IPTV_Content.asp (12) cgi-bin/Advanced_IPv6_Content.asp (13) cgi-bin/Advanced_KeywordFilter_Content.asp (14) cgi-bin/Advanced_LAN_Content.asp (15) cgi-bin/Advanced_Modem_Content.asp (16) cgi-bin/Advanced_PortTrigger_Content.asp (17) cgi-bin/Advanced_QOSUserPrio_Content.asp (18) cgi-bin/Advanced_QOSUserRules_Content.asp (19) cgi-bin/Advanced_SettingBackup_Content.asp (20) cgi-bin/Advanced_System_Content.asp (21) cgi-bin/Advanced_URLFilter_Content.asp (22) cgi-bin/Advanced_VPN_PPTP.asp (23) cgi-bin/Advanced_VirtualServer_Content.asp (24) cgi-bin/Advanced_WANPort_Content.asp (25) cgi-bin/Advanced_WAdvanced_Content.asp (26) cgi-bin/Advanced_WMode_Content.asp (27) cgi-bin/Advanced_WWPS_Content.asp (28) cgi-bin/Advanced_Wireless_Content.asp (29) cgi-bin/Bandwidth_Limiter.asp (30) cgi-bin/Guest_network.asp (31) cgi-bin/Main_AccessLog_Content.asp (32) cgi-bin/Main_AdslStatus_Content.asp (33) cgi-bin/Main_Spectrum_Content.asp (34) cgi-bin/Main_WebHistory_Content.asp (35) cgi-bin/ParentalControl.asp (36) cgi-bin/QIS_wizard.asp (37) cgi-bin/QoS_EZQoS.asp (38) cgi-bin/aidisk.asp (39) cgi-bin/aidisk/Aidisk-1.asp (40) cgi-bin/aidisk/Aidisk-2.asp (41) cgi-bin/aidisk/Aidisk-3.asp (42) cgi-bin/aidisk/Aidisk-4.asp (43) cgi-bin/blocking.asp (44) cgi-bin/cloud_main.asp (45) cgi-bin/cloud_router_sync.asp (46) cgi-bin/cloud_settings.asp (47) cgi-bin/cloud_sync.asp (48) cgi-bin/device-map/DSL_dashboard.asp (49) cgi-bin/device-map/clients.asp (50) cgi-bin/device-map/disk.asp (51) cgi-bin/device-map/internet.asp (52) cgi-bin/error_page.asp (53) cgi-bin/index.asp (54) cgi-bin/index2.asp (55) cgi-bin/qis/QIS_PTM_manual_setting.asp (56) cgi-bin/qis/QIS_admin_pass.asp (57) cgi-bin/qis/QIS_annex_setting.asp (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp (59) cgi-bin/qis/QIS_detect.asp (60) cgi-bin/qis/QIS_finish.asp (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp (62) cgi-bin/qis/QIS_manual_setting.asp (63) cgi-bin/qis/QIS_mer_cfg.asp (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp (65) cgi-bin/qis/QIS_ppp_cfg.asp (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp (67) cgi-bin/qis/QIS_wireless.asp (68) cgi-bin/query_wan_status.asp (69) cgi-bin/query_wan_status2.asp and (70) cgi-bin/start_apply.asp.
Reference
https://github.com/FedericoHeichou/CVE-2022-32988
https://github.com/FedericoHeichou/DSL-N14U-XSS