Japan Vulnerability NotesJVN:32631078JVN#32631078: Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
52.2%
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.
Impact
If a user views a malicious page while logged in, unintended operations may be conducted.
In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#77792759, an arbitrary OS command may be executed.
Solution
Update the Firmware
Apply the appropriate firmware update provided by the developer.
Products Affected
- RT-AC87U Firmware versions prior to 3.0.0.4.378.6065
- RT-AC68U Firmware versions prior to 3.0.0.4.378.6152
- RT-AC56S Firmware versions prior to 3.0.0.4.378.6065
- RT-N66U Firmware versions prior to 3.0.0.4.378.6065
- RT-N56U Firmware versions prior to 3.0.0.4.378.6065
[Added on June 17, 2015]
Note that the firmware versions released on January 12, 2015 did not address the vulnerability completely. Newer firmware versions have been released.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
52.2%