Lucene search

[email protected]NVD:CVE-2015-2681

HistoryMar 23, 2015 - 4:59 p.m.

CVE-2015-2681

2015-03-2316:59:09

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.005

Percentile

76.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.

Affected configurations

Nvd

Node

asusrt-g32_firmwareMatch2.0.2.6

asusrt-g32_firmwareMatch2.0.3.2

AND

asusrt-g32Match-

VendorProductVersionCPE
asusrt-g32_firmware2.0.2.6cpe:2.3:o:asus:rt-g32_firmware:2.0.2.6:*:*:*:*:*:*:*
asusrt-g32_firmware2.0.3.2cpe:2.3:o:asus:rt-g32_firmware:2.0.3.2:*:*:*:*:*:*:*
asusrt-g32-cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asus	rt-g32_firmware	2.0.2.6	cpe:2.3:o:asus:rt-g32_firmware:2.0.2.6:::::::*
asus	rt-g32_firmware	2.0.3.2	cpe:2.3:o:asus:rt-g32_firmware:2.0.3.2:::::::*
asus	rt-g32	-	cpe:2.3:h:asus:rt-g32:-:::::::*

References

packetstormsecurity.com/files/130724/ASUS-RT-G32-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2015/Mar/42

websecurity.com.ua/7644/

www.securityfocus.com/bid/73296

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.005

Percentile

76.6%

JSON

Related for NVD:CVE-2015-2681

cvelist1 cve1 prion1 kaspersky1