Sign-up

ID

VAR-E-201504-0253


TITLE

ASUS RT-G32 Router Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

Trust: 0.3

sources: BID: 74378

DESCRIPTION

ASUS RT-G32 Router is prone to multiple cross-site scripting vulnerabilities and multiple cross-site request-forgery vulnerabilities.
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and perform unauthorized actions. Other attacks may also be possible.
ASUS RT-G32 router running firmware 2.0.2.6 and 2.0.3.2 are vulnerable.

Trust: 0.3

sources: BID: 74378

AFFECTED PRODUCTS

vendor:asusmodel:rt-g32scope:eqversion:2.0.3.2

Trust: 0.3

vendor:asusmodel:rt-g32scope:eqversion:2.0.2.6

Trust: 0.3

sources: BID: 74378

EXPLOIT

To exploit these issues an attacker must entice an unsuspecting victim into following a malicious URI or visiting a malicious website.
The following example data is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/74378.html.txt">/data/vulnerabilities/exploits/74378.html.txt</a></li>

Trust: 0.3

sources: BID: 74378

PRICE

Free

Trust: 0.3

sources: BID: 74378

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 74378

CREDITS

MustLive

Trust: 0.3

sources: BID: 74378

EXTERNAL IDS

db:BIDid:74378

Trust: 0.3

sources: BID: 74378

REFERENCES

url:http://seclists.org/fulldisclosure/2015/apr/86

Trust: 0.3

url:http://www.asus.com/

Trust: 0.3

url:http://www.asus.com/networking/rtg32/

Trust: 0.3

sources: BID: 74378

SOURCES

db:BIDid:74378

LAST UPDATE DATE

2022-07-27T09:42:40.001000+00:00


SOURCES UPDATE DATE

db:BIDid:74378date:2015-04-26T00:00:00

SOURCES RELEASE DATE

db:BIDid:74378date:2015-04-26T00:00:00