HomePentest-Tools.com Logo

ASUS Router Multiple Vulnerabilities (Aug 2015) - Active Check CVE-2015-2676

Not available
CVSSv3 Score
Not available
Vulnerability description

ASUS Router is prone to multiple vulnerabilities.

Risk description

Flaws are exists as the application does not validate input passed via next_page, group_id, action_script, flag parameters to start_apply.htm script before returning it to user. Successful exploitation will allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a users browser session within the trust relationship between their browser and the server and also to conduct CSRF attacks.


No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Mar 23, 2015
Detection added at
Software Type
Not available
Not available
Not available