HomePentest-Tools.com Logo

ASUS Router Multiple Vulnerabilities CVE-2015-1437

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

ASUS Router is prone to multiple vulnerabilities.

Risk description

- The error page is accessible without authentication. This allows the attacker to bypass same-origin policy restrictions enforced by XMLHttpRequest. - The router error page error_page.htm includes the current administrative password in clear text. Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a users browser session in the context of an affected site and also can conduct phishing attacks.

Recommendation

No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 4, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available