History: Jul 05, 2022 - 12:15 p.m.

CVE-2021-43702

2022-07-05 12:15:07
CWE-79
web.nvd.nist.gov
cve-2021-43702
asus
rt-a88u
cross site scripting
xss
security vulnerability
nvd

CVSS3: 9 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score: 8.5 High (Confidence: High)

CVSS2: 3.5 Low

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low (Percentile: 41.8%)

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly; if an attacker were able to change the SSID of the router to a custom payload, they could achieve stored XSS on the device.

Affected configurations

NVD
Node: asus zenwifi_xd4s Match - AND asus zenwifi_xd4s_firmware Match 3.0.0.4.386.46061
Node: asus zenwifi_xt9 Match - AND asus zenwifi_xt9_firmware Match 3.0.0.4.386.46061
Node: asus zenwifi_xd5 Match - AND asus zenwifi_xd5_firmware Match 3.0.0.4.386.46061
Node: asus zenwifi_pro_et12 Match - AND asus zenwifi_pro_et12_firmware Match 3.0.0.4.386.46061
Node: asus zenwifi__pro_xt12 Match - AND asus zenwifi__pro_xt12_firmware Match 3.0.0.4.386.46061
Node: asus zenwifi_ax_hybrid Match - AND asus zenwifi_ax_hybrid_firmware Match 3.0.0.4.386.46061
Node: asus zenwifi_et8 Match - AND asus zenwifi_et8_firmware Match 3.0.0.4.386.46061
Node: asus zenwifi_xd6 Match - AND asus zenwifi_xd6_firmware Match 3.0.0.4.386.46061
Node: asus zenwifi_ac_mini_firmware Match 3.0.0.4.386.46061 AND asus zenwifi_ac_mini Match -
Node: asus zenwifi_ax_mini_firmware Match 3.0.0.4.386.46061 AND asus zenwifi_ax_mini Match -
Node: asus zenwifi_ax_firmware Match 3.0.0.4.386.46061 AND asus zenwifi_ax Match -
Node: asus zenwifi_ac_firmware Match 3.0.0.4.386.46061 AND asus zenwifi_ac Match -
Node: asus rt-ac66u_b1_firmware Match 3.0.0.4.386.46061 AND asus rt-ac66u_b1 Match -
Node: asus rt-ax88u_firmware Match 3.0.0.4.386.46061 AND asus rt-ax88u Match -
Node: asus rt-ax82u_firmware Match 3.0.0.4.386.46061 AND asus rt-ax82u Match -
Node: asus rt-ax89x_firmware Match 3.0.0.4.386.46061 AND asus rt-ax89x Match -
Node: asus rt-ax92u_firmware Match 3.0.0.4.386.46061 AND asus rt-ax92u Match -
Node: asus rt-ax86u_firmware Match 3.0.0.4.386.46061 AND asus rt-ax86u Match -
Node: asus rt-ax68u_firmware Match 3.0.0.4.386.46061 AND asus rt-ax68u Match -
Node: asus rt-ax82u_firmware Match 3.0.0.4.386.46061 AND asus rt-ax82u Match -
Node: asus rt-ax3000_firmware Match 3.0.0.4.386.46061 AND asus rt-ax3000 Match -
Node: asus rt-ax58u_firmware Match 3.0.0.4.386.46061 AND asus rt-ax58u Match -
Node: asus rt-ax55_firmware Match 3.0.0.4.386.46061 AND asus rt-ax55 Match -
Node: asus rt-ax56u_firmware Match 3.0.0.4.386.46061 AND asus rt-ax56u Match -
Node: asus rt-ac66u\+_firmware Match 3.0.0.4.386.46061 AND asus rt-ac66u\+ Match -
Node: asus rog_rapture_gt-ac5300_firmware Match 3.0.0.4.386.46061 AND asus rog_rapture_gt-ac5300 Match -
Node: asus rog_rapture_gt-ax11000_firmware Match 3.0.0.4.386.46061 AND asus rog_rapture_gt-ax11000 Match -
Node: asus rog_rapture_gt-ac2900_firmware Match 3.0.0.4.386.46061 AND asus rog_rapture_gt-ac2900 Match -
Node: asus rt-ac1300uhp_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1300uhp Match -
Node: asus rt-ac1300g\+_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1300g\+ Match -
Node: asus tuf_gaming_ax5400_firmware Match 3.0.0.4.386.46061 AND asus tuf_gaming_ax5400 Match -
Node: asus tuf_gaming_ax3000_v2_firmware Match 3.0.0.4.386.46061 AND asus tuf_gaming_ax3000_v2 Match -
Node: asus rt-ac1200_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1200 Match -
Node: asus rt-ac5300_firmware Match 3.0.0.4.386.46061 AND asus rt-ac5300 Match -
Node: asus rt-ac1200g_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1200g Match -
Node: asus rt-ac1200hp_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1200hp Match -
Node: asus rt-ac1200g\+_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1200g\+ Match -
Node: asus rt-ac1200e_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1200e Match -
Node: asus rt-ac1200gu_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1200gu Match -
Node: asus rt-ac3100_firmware Match 3.0.0.4.386.46061 AND asus rt-ac3100 Match -
Node: asus rt-ac58u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac58u Match -
Node: asus rt-ac88u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac88u Match -
Node: asus rt-ac56u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac56u Match -
Node: asus rt-ac56r_firmware Match 3.0.0.4.386.46061 AND asus rt-ac56r Match -
Node: asus rt-ac56s_firmware Match 3.0.0.4.386.46061 AND asus rt-ac56s Match -
Node: asus rt-ac3200_firmware Match 3.0.0.4.386.46061 AND asus rt-ac3200 Match -
Node: asus rt-ac55u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac55u Match -
Node: asus rt-ac2900_firmware Match 3.0.0.4.386.46061 AND asus rt-ac2900 Match -
Node: asus rt-ac55uhp_firmware Match 3.0.0.4.386.46061 AND asus rt-ac55uhp Match -
Node: asus rt-ac2600_firmware Match 3.0.0.4.386.46061 AND asus rt-ac2600 Match -
Node: asus rt-ac53_firmware Match 3.0.0.4.386.46061 AND asus rt-ac53 Match -
Node: asus rt-ac2400_firmware Match 3.0.0.4.386.46061 AND asus rt-ac2400 Match -
Node: asus rt-ac52u_b1_firmware Match 3.0.0.4.386.46061 AND asus rt-ac52u_b1 Match -
Node: asus rt-ac2200_firmware Match 3.0.0.4.386.46061 AND asus rt-ac2200 Match -
Node: asus rt-ac51u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac51u Match -
Node: asus rt-ac51u\+_firmware Match 3.0.0.4.386.46061 AND asus rt-ac51u\+ Match -
Node: asus rt-ac87u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac87u Match -
Node: asus rt-ac87r_firmware Match 3.0.0.4.386.46061 AND asus rt-ac87r Match -
Node: asus rt-acrh17_firmware Match 3.0.0.4.386.46061 AND asus rt-acrh17 Match -
Node: asus rt-ac86u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac86u Match -
Node: asus rt-acrh13_firmware Match 3.0.0.4.386.46061 AND asus rt-acrh13 Match -
Node: asus rt-ac85u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac85u Match -
Node: asus rt-n66u_firmware Match 3.0.0.4.386.46061 AND asus rt-n66u Match -
Node: asus rt-n66r_firmware Match 3.0.0.4.386.46061 AND asus rt-n66r Match -
Node: asus rt-n66w_firmware Match 3.0.0.4.386.46061 AND asus rt-n66w Match -
Node: asus rt-n66c1_firmware Match 3.0.0.4.386.46061 AND asus rt-n66c1 Match -
Node: asus rt-ac85p_firmware Match 3.0.0.4.386.46061 AND asus rt-ac85p Match -
Node: asus rt-n18u_firmware Match 3.0.0.4.386.46061 AND asus rt-n18u Match -
Node: asus rt-ac65p_firmware Match 3.0.0.4.386.46061 AND asus rt-ac65p Match -
Node: asus rt-n19_firmware Match 3.0.0.4.386.46061 AND asus rt-n19 Match -
Node: asus rt-ac57u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac57u Match -
Node: asus rt-n14uhp_firmware Match 3.0.0.4.386.46061 AND asus rt-n14uhp Match -
Node: asus rt-ac68u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac68u Match -
Node: asus rt-ac68r_firmware Match 3.0.0.4.386.46061 AND asus rt-ac68r Match -
Node: asus rt-ac68p_firmware Match 3.0.0.4.386.46061 AND asus rt-ac68p Match -
Node: asus rt-ac68w_firmware Match 3.0.0.4.386.46061 AND asus rt-ac68w Match -
Node: asus rt-ac68uf_firmware Match 3.0.0.4.386.46061 AND asus rt-ac68uf Match -
Node: asus rt-n12e_b1_firmware Match 3.0.0.4.386.46061 AND asus rt-n12e_b1 Match -
Node: asus rt-n12e_c1_firmware Match 3.0.0.4.386.46061 AND asus rt-n12e_c1 Match -
Node: asus rt-ac65u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac65u Match -
Node: asus rt-n12hp_b1_firmware Match 3.0.0.4.386.46061 AND asus rt-n12hp_b1 Match -
Node: asus rt-ac1900_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1900 Match -
Node: asus rt-n12vp_b1_firmware Match 3.0.0.4.386.46061 AND asus rt-n12vp_b1 Match -
Node: asus rt-ac1900p_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1900p Match -
Node: asus rt-ac1900u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1900u Match -
Node: asus rt-n12\+_b1_firmware Match 3.0.0.4.386.46061 AND asus rt-n12\+_b1 Match -
Node: asus rt-ac1750_firmware Match 3.0.0.4.386.46061 AND asus rt-ac1750 Match -
Node: asus rt-n12d1_firmware Match 3.0.0.4.386.46061 AND asus rt-n12d1 Match -
Node: asus rt-ac1750_b1__firmware Match 3.0.0.4.386.46061 AND asus rt-ac1750_b1_ Match -
Node: asus 4g-ac53u_firmware Match 3.0.0.4.386.46061 AND asus 4g-ac53u Match -
Node: asus rt-ac66u_firmware Match 3.0.0.4.386.46061 AND asus rt-ac66u Match -
Node: asus rt-ac66r_firmware Match 3.0.0.4.386.46061 AND asus rt-ac66r Match -
Node: asus rt-ac66w_firmware Match 3.0.0.4.386.46061 AND asus rt-ac66w Match -
Node: asus 4g-ac68u_firmware Match 3.0.0.4.386.46061 AND asus 4g-ac68u Match -
