CVE-2018-18291
https://notcve.org/view.php?id=CVE-2018-18291
A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. Una vulnerabilidad Cross-Site Scripting (XSS) en dispositivos ASUS RT-AC58U 3.0.0.4.380_6516 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp o internet.asp. • https://github.com/remix30303/AsusXSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-18287
https://notcve.org/view.php?id=CVE-2018-18287
On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page. En dispositivos ASUS RT-AC58U 3.0.0.4.380_6516, los atacantes remotos pueden descubrir nombres de host y direcciones IP leyendo datos dhcpLeaseInfo en el código fuente HTML de la página Main_Login.asp. • https://github.com/remix30303/AsusLeak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-17127
https://notcve.org/view.php?id=CVE-2018-17127
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. blocking_request.cgi en dispositivos ASUS GT-AC5300 hasta la versión 3.0.0.4.384_32738 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del dispositivo) mediante una petición que carece de un parámetro timestap. • https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1 • CWE-476: NULL Pointer Dereference •
CVE-2018-17021
https://notcve.org/view.php?id=CVE-2018-17021
Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter. Vulnerabilidad Cross-Site Scripting (XSS) en dispositivos ASUS GT-AC5300 con firmware hasta la versión 3.0.0.4.384_32738 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro hook en appGet.cgi. • https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ac5300_xss/ASUS%20GT-AC5300%20XSS.MD • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-17022
https://notcve.org/view.php?id=CVE-2018-17022
Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy. Desbordamiento de búfer basado en pila en el router ASUS GT-AC5300 hasta la versión 3.0.0.4.384_32738 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del dispositivo) o, posiblemente, otro tipo de impacto sin especificar mediante el establecimiento de un valor sh_path0 largo y, después, enviando una petición appGet.cgi?hook=select_list("Storage_x_SharedPath"). Esto se debe a que ej_select_list en router httpd web.c emplea strcpy. • https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/buffer_overflow/ASUS%20GT-AC5300%20stack%20overflow.MD • CWE-787: Out-of-bounds Write •