CVE-2025-1354

Sažetak

A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN

Reference

https://vuldb.com/?ctiid.295962
https://vuldb.com/?id.295962
https://vuldb.com/?submit.496013
https://www.asus.com/supportonly/rt-n10e/helpdesk_bios/
https://www.asus.com/supportonly/rt-n12e/helpdesk_bios/
https://vuldb.com/?ctiid.295962
https://vuldb.com/?id.295962
https://vuldb.com/?submit.496013
https://www.asus.com/

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:M/C:N/I:P/A:N

Zadnje važnije ažuriranje

13-03-2025 - 07:15

Objavljeno

16-02-2025 - 16:15