Sign-up

ID

VAR-201504-0585


TITLE

ASUS RT-G32 Router Cross-Site Scripting Vulnerability and Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201505-354

DESCRIPTION

ASUS RT-G32 Router is a wireless router product from ASUS. Cross-site scripting vulnerabilities and cross-site request forgery vulnerabilities exist in ASUS RT-G32 routers using firmware version 2.0.2.6 and 2.0.3.2. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication and performing unauthorized operations. Other attacks may also be possible

Trust: 0.81

sources: CNNVD: CNNVD-201505-354 // BID: 74378

AFFECTED PRODUCTS

vendor:asusmodel:rt-g32scope:eqversion:2.0.3.2

Trust: 0.3

vendor:asusmodel:rt-g32scope:eqversion:2.0.2.6

Trust: 0.3

sources: BID: 74378

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-354

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201505-354

EXTERNAL IDS

db:BIDid:74378

Trust: 0.9

db:CNNVDid:CNNVD-201505-354

Trust: 0.6

sources: BID: 74378 // CNNVD: CNNVD-201505-354

REFERENCES

url:http://www.securityfocus.com/bid/74378

Trust: 0.6

url:http://www.asus.com/

Trust: 0.3

url:http://www.asus.com/networking/rtg32/

Trust: 0.3

url:http://seclists.org/fulldisclosure/2015/apr/86

Trust: 0.3

sources: BID: 74378 // CNNVD: CNNVD-201505-354

CREDITS

MustLive

Trust: 0.9

sources: BID: 74378 // CNNVD: CNNVD-201505-354

SOURCES

db:BIDid:74378
db:CNNVDid:CNNVD-201505-354

LAST UPDATE DATE

2022-05-17T01:47:57.658000+00:00


SOURCES UPDATE DATE

db:BIDid:74378date:2015-04-26T00:00:00
db:CNNVDid:CNNVD-201505-354date:2015-05-19T00:00:00

SOURCES RELEASE DATE

db:BIDid:74378date:2015-04-26T00:00:00
db:CNNVDid:CNNVD-201505-354date:2015-04-26T00:00:00