HomePentest-Tools.com Logo

ASUS Router Multiple Vulnerabilities (Aug 2015) - Active Check CVE-2015-2676

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

ASUS Router is prone to multiple vulnerabilities.

Risk description

Flaws are exists as the application does not validate input passed via next_page, group_id, action_script, flag parameters to start_apply.htm script before returning it to user. Successful exploitation will allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a users browser session within the trust relationship between their browser and the server and also to conduct CSRF attacks.

Recommendation

No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Mar 23, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available