Vulnerability Description
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| T-Mobile | Tm-Ac1900 | 3.0.0.4.376_3169 |
| Asus | Rt-Ac68U Firmware | <= 3.0.0.4.374_4983 |
| Asus | Rt-Ac68U | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Apr/59Exploit
- http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
- http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/
- http://www.securityfocus.com/bid/66669Exploit
- https://support.t-mobile.com/docs/DOC-21994
- http://seclists.org/fulldisclosure/2014/Apr/59Exploit
- http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
- http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/
- http://www.securityfocus.com/bid/66669Exploit
- https://support.t-mobile.com/docs/DOC-21994
FAQ
What is CVE-2014-2925?
CVE-2014-2925 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary...
How severe is CVE-2014-2925?
CVE-2014-2925 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2925?
Check the references section above for vendor advisories and patch information. Affected products include: T-Mobile Tm-Ac1900, Asus Rt-Ac68U Firmware, Asus Rt-Ac68U.