rerait softpedia

Cve-2017-6547.Asus RT-AC53 filename cross site scripting

By admin on July 12, 2021 0 Comments




2nd collection of issues.ASUSWRT RT-AC53 () – Cross-Site Scripting – Hardware webapps Exploit


May 10,  · Tracked as CVE, the flaw allows remote attackers to inject arbitrary JavaScript by requesting filenames more than 50 characters. Mar 08,  · CVE: CVE Vulnerability: httpd checks in the event handle_request when the required file name is more than 50 chars. After that it reacts with a redirection allowing an assailant to inject arbitrary JavaScript code to the router’s web user interface framework. Mar 09,  · CVE CVE CVE Remote: Yes Local: No Published: Mar 09 AM Updated: Mar 23 AM Credit: bruno susceptible: Asus ASUSWRT RT-AC53 Asus ASUSWRT RT-AC53 0.


Cve-2017-6547.40 Asus RT Router Versions Are In Danger Of Easy Hacks

8 rows · Mar 08,  · Cross-Site Scripting (XSS) Component: httpd CVE: CVE . Apr 17,  · Fixed CVE Fixed CVE Fixed CVE Added log message for brute power assault. Bug repairs: Fixed bandwidth limiter . Mar 08,  · CVE: CVE Vulnerability: httpd checks in the function handle_request if the requested file name is longer than 50 chars. It then responds with a redirection which allows an assailant to inject arbitrary JavaScript rule into the router’s web interface framework.
40 Asus RT Router Versions Tend To Be At Risk Of Simple Hacks
ASUSWRT – Numerous Weaknesses
Asus ASUSWRT Several Protection Weaknesses
ASUSWRT RT-AC53 ( – Cross-Site Scripting
First set of issues
CVE | Asus RT-AC53 cross web site scripting (BID / EDB)

The good news is that the company that discovered these flaws — Nightwatch Cybersecurity — has secretly reported the issues to Asus back January, plus the company features issued a firmware change in March. Users which use any one of the following Asus RT router models should check and see if they’re operating a firmware version of v3.

The firmware upgrade is present for grab here. Below is a summary of most of the found vulnerabilities. For all problems, Nightwatch specialist Yakov Shafranovich has published PoCs in the organization’s website.

What this means is an assailant can draw a user on a destructive site and issue a demand from that website towards the router’s login page. This attack requires the assailant becoming on a single system, and be aware of the router’s administrator password to ensure he is able to question the XML endpoint.

The firmware upgrade that patches the vulnerabilities described above also includes fixes for any other issues discovered by safety researcher Bruno Bierbaumer. Taken individually all those problems tend to be trivial, but an experienced attacker can chain all of them together and take-over routers, adding them to a botnet, and using these devices for his or her own operations, such as relaying malicious traffic or introducing DDoS attacks.

This, in change, decreases the router’s performance and local Net speed. Maybe not a member however? Enroll Now. To get regular revisions and report from BleepingComputer , please use the shape below.

Find out about what’s banned becoming published. May 11, have always been 0. 2nd group of problems The firmware improvement that patches the vulnerabilities described above also includes fixes for any other issues found by security specialist Bruno Bierbaumer. Catalin Cimpanu Catalin Cimpanu may be the safety Information publisher for Bleeping Computer, where he addresses topics such as for instance malware, breaches, vulnerabilities, exploits, hacking news, the Dark online, and some more.

For other contact methods, please visit Catalin’s author page. Past Article Next Article. You may even like:. Popular Stories. Newsletter signup to get regular revisions and development from BleepingComputer , be sure to use the form below. Login Username. Keep In Mind Me.

Sign in anonymously. Check in with Twitter Not an associate yet? Reporter assist us comprehend the problem. What is happening with this comment? Spam Abusive or Harmful Inappropriate content Strong language more Learn more about what’s banned becoming published.

Comments are closed.