#VU6513 Cross-site scripting in Asus products - CVE-2017-6547 

 


Published: May 11, 2017 / Updated: May 12, 2017


Vulnerability identifier: #VU6513
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-6547
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
RT-AC53
RT-N600
RT-N300
RT-N66W
RT-N66U
RT-N66R
RT-N56U
RT-N16
RT-N12E
RT-N12+
RT-N12
RT-N11P
RT-AC5300
RT-AC3200
RT-AC3100
RT-AC1750
RT-AC1200
RT-AC88U
RT-AC87U
RT-AC87R
RT-AC68R
RT-AC68P
RT-AC68W
RT-AC66W
RT-AC68UF
RT-AC68U
RT-AC66U
RT-AC56U
RT-AC56S
RT-AC56R
RT-AC55U
RT-AC52U B1
RT-AC51U
Software vendor:
Asus

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability is caused by incorrect filtering of input data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


Remediation

Install the update from the vendor's website.
