Description
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.
References (5)
Core 5
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/59
Various Sources x_refsource_confirm
http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
Various Sources x_refsource_confirm
http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/
Various Sources x_refsource_confirm
https://support.t-mobile.com/docs/DOC-21994
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66669
Scores
EPSS
0.0034
EPSS Percentile
56.8%
Details
CWE
CWE-79
Status
published
Products (5)
asus/rt-ac68u
asus/rt-ac68u_firmware
3.0.0.4.374.4755
asus/rt-ac68u_firmware
3.0.0.4.374_4887
asus/rt-ac68u_firmware
< 3.0.0.4.374_4983
t-mobile/tm-ac1900
3.0.0.4.376_3169
Published
Apr 22, 2014
Tracked Since
Feb 18, 2026