Computer Security
[EN] no-pyccku

Asus RT routers unauthorized access
updated since 07.04.2014
SecurityVulns ID:13675
Threat Level:
Description:Full anonymous access is allowed be default. Authentication bypass. Crossite scripting.
Affected:ASUS : Asus RT-N66U
 ASUS : Asus RT-AC66U
 ASUS : Asus RT-AC56U
 ASUS : Asus RT-N56U
 ASUS : Asus RT-N16
 ASUS : Asus RT-AC68U
 ASUS : Asus RT-N10U
 ASUS : Asus DSL-N55U
 ASUS : Asus RT-N15U
 ASUS : Asus RT-N53
 ASUS : Asus RT-N10
CVE:CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.)
Original documentdocumentkingkaustubh_(at), CVE-2015-1437 XSS In ASUS Router. (11.02.2015)
 documentkingkaustubh_(at), Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router (02.02.2015)
 documentkingkaustubh_(at), Reflected XSS vulnarbility in Asus RT-N10 Plus Router (02.02.2015)
 documentbuqtraq_(at), ASUS router drive-by code execution via XSS and authentication bypass (07.04.2014)
 documentkyle Lovett, ASUS RT Series Routers FTP Service - Default anonymous access (07.04.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod