ID
VAR-E-201708-0487
CVE
| cve_id: | CVE-2017-12591 | Trust: 0.3 |
TITLE
ASUS DSL-N10S Router CVE-2017-12591 HTML Injection Vulnerability
Trust: 0.3
DESCRIPTION
ASUS DSL-N10S Router is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | asus | model: | dsl-n10s v2.1.16 apac | scope: | - | version: | - | Trust: 0.3 |
EXPLOIT
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Bhaskar Borman
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-12591 | Trust: 0.3 |
| db: | BID | id: | 100491 | Trust: 0.3 |
REFERENCES
| url: | https://www.asus.com/in/networking/dsln10s/ | Trust: 0.3 |
| url: | https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html | Trust: 0.3 |
| url: | http://www.asus.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 100491 |
LAST UPDATE DATE
2022-07-27T09:21:27.075000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 100491 | date: | 2017-08-13T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 100491 | date: | 2017-08-13T00:00:00 |