ID

VAR-202305-0063


CVE

CVE-2023-29772


TITLE

ASUS RT-AC51U Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2023-63442 // CNNVD: CNNVD-202305-082

DESCRIPTION

A cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware versions up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. ASUSTeK Computer Inc.'s RT-AC51U firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. ASUS RT-AC51U is a wireless router made by ASUS in China. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data. Attackers can exploit this vulnerability to execute arbitrary web script or HTML.

Trust: 2.25

sources: NVD: CVE-2023-29772 // JVNDB: JVNDB-2023-009712 // CNVD: CNVD-2023-63442 // VULMON: CVE-2023-29772

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-63442

AFFECTED PRODUCTS

vendor: asus, model: rt-ac51u, scope: lte, version: 3.0.0.4.380.8591

Trust: 1.0

vendor: asustek computer, model: rt-ac51u, scope: -, version: -

Trust: 0.8

vendor: asustek computer, model: rt-ac51u, scope: eq, version: -

Trust: 0.8

vendor: asustek computer, model: rt-ac51u, scope: lte, version: rt-ac51u firmware 3.0.0.4.380.8591 and earlier

Trust: 0.8

vendor: asus, model: rt-ac51u, scope: lte, version: <=3.0.0.4.380.8591

Trust: 0.6

sources: CNVD: CNVD-2023-63442 // JVNDB: JVNDB-2023-009712 // NVD: CVE-2023-29772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-29772
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-29772
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-29772
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-63442
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202305-082
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-63442
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-29772
baseSeverity: MEDIUM
baseScore: 5.2
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2023-29772
baseSeverity: MEDIUM
baseScore: 5.2
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-63442 // JVNDB: JVNDB-2023-009712 // CNNVD: CNNVD-202305-082 // NVD: CVE-2023-29772 // NVD: CVE-2023-29772

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009712 // NVD: CVE-2023-29772

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202305-082

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202305-082

EXTERNAL IDS

db: NVD, id: CVE-2023-29772

Trust: 3.9

db: JVNDB, id: JVNDB-2023-009712

Trust: 0.8

db: CNVD, id: CNVD-2023-63442

Trust: 0.6

db: CNNVD, id: CNNVD-202305-082

Trust: 0.6

db: VULMON, id: CVE-2023-29772

Trust: 0.1

sources: CNVD: CNVD-2023-63442 // VULMON: CVE-2023-29772 // JVNDB: JVNDB-2023-009712 // CNNVD: CNNVD-202305-082 // NVD: CVE-2023-29772

REFERENCES

url: https://gitlab.com/donnm/cves/-/blob/master/xss_rtac51u_syslog.md

Trust: 3.1

url: https://nvd.nist.gov/vuln/detail/cve-2023-29772

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2023-29772/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-63442 // VULMON: CVE-2023-29772 // JVNDB: JVNDB-2023-009712 // CNNVD: CNNVD-202305-082 // NVD: CVE-2023-29772

SOURCES

db: CNVD, id: CNVD-2023-63442
db: VULMON, id: CVE-2023-29772
db: JVNDB, id: JVNDB-2023-009712
db: CNNVD, id: CNNVD-202305-082
db: NVD, id: CVE-2023-29772

LAST UPDATE DATE

2025-01-31T23:12:52.798000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-63442, date: 2023-08-15T00:00:00
db: VULMON, id: CVE-2023-29772, date: 2023-05-02T00:00:00
db: JVNDB, id: JVNDB-2023-009712, date: 2023-12-06T06:34:00
db: CNNVD, id: CNNVD-202305-082, date: 2023-05-15T00:00:00
db: NVD, id: CVE-2023-29772, date: 2025-01-30T17:15:14.800

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-63442, date: 2023-08-15T00:00:00
db: VULMON, id: CVE-2023-29772, date: 2023-05-02T00:00:00
db: JVNDB, id: JVNDB-2023-009712, date: 2023-12-06T00:00:00
db: CNNVD, id: CNNVD-202305-082, date: 2023-05-02T00:00:00
db: NVD, id: CVE-2023-29772, date: 2023-05-02T13:15:24.957