Sign-up

ID

VAR-201905-0802


CVE

CVE-2018-14710


TITLE

ASUS RT-AC3200 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-015411

DESCRIPTION

Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter. ASUS RT-AC3200 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.71

sources: NVD: CVE-2018-14710 // JVNDB: JVNDB-2018-015411 // VULHUB: VHN-124897

AFFECTED PRODUCTS

vendor:asusmodel:rt-ac3200scope:eqversion:3.0.0.4.382.50010

Trust: 1.0

vendor:asustek computermodel:rt-ac3200scope:eqversion:3.0.0.4.382.50010

Trust: 0.8

sources: JVNDB: JVNDB-2018-015411 // NVD: CVE-2018-14710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14710
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-14710
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-288
value: MEDIUM

Trust: 0.6

VULHUB: VHN-124897
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14710
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-124897
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14710
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-124897 // JVNDB: JVNDB-2018-015411 // CNNVD: CNNVD-201905-288 // NVD: CVE-2018-14710

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-124897 // JVNDB: JVNDB-2018-015411 // NVD: CVE-2018-14710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-288

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-288

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015411

PATCH
title:Top Pageurl:https://www.asustor.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015411

EXTERNAL IDS
db:NVDid:CVE-2018-14710
Trust: 2.5
db:JVNDBid:JVNDB-2018-015411
Trust: 0.8
db:CNNVDid:CNNVD-201905-288
Trust: 0.7
db:VULHUBid:VHN-124897
Trust: 0.1
sources:
            
            
            VULHUB: VHN-124897 // 
            
            
            
            JVNDB: JVNDB-2018-015411 // 
            
            
            
            CNNVD: CNNVD-201905-288 // 
            
            
            
            NVD: CVE-2018-14710

REFERENCES
url:https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-14710
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14710
Trust: 0.8
sources:
            
            
            VULHUB: VHN-124897 // 
            
            
            
            JVNDB: JVNDB-2018-015411 // 
            
            
            
            CNNVD: CNNVD-201905-288 // 
            
            
            
            NVD: CVE-2018-14710

SOURCES
db:VULHUBid:VHN-124897
db:JVNDBid:JVNDB-2018-015411
db:CNNVDid:CNNVD-201905-288
db:NVDid:CVE-2018-14710

LAST UPDATE DATE
2024-11-23T22:48:23.397000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-124897date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2018-015411date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-288date:2019-05-16T00:00:00
db:NVDid:CVE-2018-14710date:2024-11-21T03:49:38.443

SOURCES RELEASE DATE
db:VULHUBid:VHN-124897date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2018-015411date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-288date:2019-05-13T00:00:00
db:NVDid:CVE-2018-14710date:2019-05-13T13:29:00.933