Description
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/
Exploit, Third Party Advisory x_refsource_misc
https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch
Scores
CVSS v3
9.0
EPSS
0.0062
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (50)
asus/4g-ac53u_firmware
3.0.0.4.386.46061
asus/4g-ac68u_firmware
3.0.0.4.386.46061
asus/rog_rapture_gt-ac2900_firmware
3.0.0.4.386.46061
asus/rog_rapture_gt-ac5300_firmware
3.0.0.4.386.46061
asus/rog_rapture_gt-ax11000_firmware
3.0.0.4.386.46061
asus/rt-ac1200_firmware
3.0.0.4.386.46061
asus/rt-ac1200e_firmware
3.0.0.4.386.46061
asus/rt-ac1200g\+_firmware
3.0.0.4.386.46061
asus/rt-ac1200g_firmware
3.0.0.4.386.46061
asus/rt-ac1200gu_firmware
3.0.0.4.386.46061
... and 40 more
Published
Jul 05, 2022
Tracked Since
Feb 18, 2026