Vulnerability Description
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asus | Zenwifi Xd4S Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Xd4S | - |
| Asus | Zenwifi Xt9 Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Xt9 | - |
| Asus | Zenwifi Xd5 Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Xd5 | - |
| Asus | Zenwifi Pro Et12 Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Pro Et12 | - |
| Asus | Zenwifi Pro Xt12 Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Pro Xt12 | - |
| Asus | Zenwifi Ax Hybrid Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Ax Hybrid | - |
| Asus | Zenwifi Et8 Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Et8 | - |
| Asus | Zenwifi Xd6 Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Xd6 | - |
| Asus | Zenwifi Ac Mini Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Ac Mini | - |
| Asus | Zenwifi Ax Mini Firmware | 3.0.0.4.386.46061 |
| Asus | Zenwifi Ax Mini | - |
Related Weaknesses (CWE)
References
- https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RTProductVendor Advisory
- https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discoveExploitThird Party Advisory
- https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RTProductVendor Advisory
- https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discoveExploitThird Party Advisory
FAQ
What is CVE-2021-43702?
CVE-2021-43702 is a vulnerability with a CVSS score of 9.0 (CRITICAL). ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the rou...
How severe is CVE-2021-43702?
CVE-2021-43702 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-43702?
Check the references section above for vendor advisories and patch information. Affected products include: Asus Zenwifi Xd4S Firmware, Asus Zenwifi Xd4S, Asus Zenwifi Xt9 Firmware, Asus Zenwifi Xt9, Asus Zenwifi Xd5 Firmware.