Details of VAR-202207-0160

ID

VAR-202207-0160

CVE

CVE-2021-43702

TITLE

ASUS RT-A88U Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-58229 // CNNVD: CNNVD-202207-389

DESCRIPTION

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan

Trust: 1.53

sources: NVD: CVE-2021-43702 // CNVD: CNVD-2022-58229 // VULMON: CVE-2021-43702

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-58229

AFFECTED PRODUCTS

vendor:	asus	model:	zenwifi xd4s	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi ac mini	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac58u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax86u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac87u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-acrh13	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n12vp b1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac66r	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac2400	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi pro et12	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac5300	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n12e c1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac55u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac68uf	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi xd6	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1300g\+	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac2200	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac66u\+	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac56s	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax82u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1300uhp	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n12hp b1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac85u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1200g	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	tuf gaming ax3000 v2	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac55uhp	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1750 b1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n14uhp	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac3100	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi pro xt12	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac51u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi et8	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax92u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac66w	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax68u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax58u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax55	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac3200	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi xt9	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rog rapture gt-ac5300	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1750	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac68r	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax3000	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rog rapture gt-ax11000	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac56u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax89x	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi xd5	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi ax hybrid	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac52u b1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1900	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n12\+ b1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1200g\+	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n66w	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi ax mini	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1200e	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac2900	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac53	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac85p	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n19	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac68w	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1200gu	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax56u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac51u\+	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ax88u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n12d1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n66u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac65p	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1900u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi ax	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	4g-ac68u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	zenwifi ac	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac57u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n18u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac68p	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac86u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac65u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac66u b1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	4g-ac53u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac2600	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac87r	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-acrh17	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	tuf gaming ax5400	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n66r	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n12e b1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rog rapture gt-ac2900	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1200hp	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1900p	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac56r	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac88u	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-ac1200	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-n66c1	scope:	eq	version:	3.0.0.4.386.46061	Trust: 1.0
vendor:	asus	model:	rt-a88u 3.0.0.4.386 45898	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-58229 // NVD: CVE-2021-43702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-43702
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2022-58229
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202207-389
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-43702
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-43702
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-58229
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-43702
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-58229 // VULMON: CVE-2021-43702 // CNNVD: CNNVD-202207-389 // NVD: CVE-2021-43702

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2021-43702

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-389

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202207-389

PATCH

title:	Patch for ASUS RT-A88U Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/345646	Trust: 0.6
title:	ASUS RT-A88U Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200692	Trust: 0.6

sources: CNVD: CNVD-2022-58229 // CNNVD: CNNVD-202207-389

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43702	Trust: 2.3
db:	CNVD	id:	CNVD-2022-58229	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-389	Trust: 0.6
db:	VULMON	id:	CVE-2021-43702	Trust: 0.1

sources: CNVD: CNVD-2022-58229 // VULMON: CVE-2021-43702 // CNNVD: CNNVD-202207-389 // NVD: CVE-2021-43702

REFERENCES

url:	https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch	Trust: 2.3
url:	https://www.asus.com/uk/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ac88u/	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2021-43702/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-58229 // VULMON: CVE-2021-43702 // CNNVD: CNNVD-202207-389 // NVD: CVE-2021-43702

SOURCES

db:	CNVD	id:	CNVD-2022-58229
db:	VULMON	id:	CVE-2021-43702
db:	CNNVD	id:	CNNVD-202207-389
db:	NVD	id:	CVE-2021-43702

LAST UPDATE DATE

2024-08-14T15:27:14.485000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-58229	date:	2022-08-19T00:00:00
db:	VULMON	id:	CVE-2021-43702	date:	2022-07-18T00:00:00
db:	CNNVD	id:	CNNVD-202207-389	date:	2022-07-29T00:00:00
db:	NVD	id:	CVE-2021-43702	date:	2022-07-18T15:27:57.557

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-58229	date:	2022-08-16T00:00:00
db:	VULMON	id:	CVE-2021-43702	date:	2022-07-05T00:00:00
db:	CNNVD	id:	CNNVD-202207-389	date:	2022-07-05T00:00:00
db:	NVD	id:	CVE-2021-43702	date:	2022-07-05T12:15:07.830