CVE-2018-18291
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.
Una vulnerabilidad Cross-Site Scripting (XSS) en dispositivos ASUS RT-AC58U 3.0.0.4.380_6516 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp o internet.asp.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-14 CVE Reserved
- 2018-10-14 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/remix30303/AsusXSS | 2024-09-16 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Asus Search vendor "Asus" | Rt-ac58u Firmware Search vendor "Asus" for product "Rt-ac58u Firmware" | 3.0.0.4.380.6516 Search vendor "Asus" for product "Rt-ac58u Firmware" and version "3.0.0.4.380.6516" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac58u Search vendor "Asus" for product "Rt-ac58u" | - | - |
Safe
|