ID
VAR-E-201503-0505
CVE
| cve_id: | CVE-2015-2681 | Trust: 0.3 |
TITLE
ASUS RT-G32 Router 'start_apply.htm' Multiple Cross Site Scripting Vulnerabilities
Trust: 0.3
DESCRIPTION
ASUS RT-G32 Router is prone to multiple cross-site scripting vulnerabilities.
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information.
ASUS RT-G32 router running firmware versions 2.0.2.6, and 2.0.3.2 are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | asus | model: | rt-g32 | scope: | eq | version: | 2.0.3.2 | Trust: 0.3 |
| vendor: | asus | model: | rt-g32 | scope: | eq | version: | 2.0.2.6 | Trust: 0.3 |
EXPLOIT
To exploit these issues an attacker must entice an unsuspecting victim into following a malicious URI or visiting a malicious website.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
MustLive
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-2681 | Trust: 0.3 |
| db: | BID | id: | 73296 | Trust: 0.3 |
REFERENCES
| url: | http://www.asus.com/ | Trust: 0.3 |
| url: | http://www.asus.com/networking/rtg32/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 73296 |
LAST UPDATE DATE
2022-07-27T09:27:22.795000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 73296 | date: | 2015-03-24T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 73296 | date: | 2015-03-24T00:00:00 |