CVE-2025-1354
MEDIUM
ASUS RT-N10E and RT-N12E - Stored Cross-Site Scripting via SSID Parameter in sysinfo.asp
Title source: llm
Description
A cross-site scripting (XSS) vulnerability exists in the RT-N10E/RT-N12E 2.0.0.x firmware. This vulnerability is caused by improper input validation and can be triggered via manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN.
References (5)
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.295962
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.295962
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.496013
Various Sources product
https://www.asus.com/supportonly/rt-n10e/helpdesk_bios/
Various Sources product
https://www.asus.com/supportonly/rt-n12e/helpdesk_bios/
Scores
CVSS v4
4.8
EPSS
0.0010
EPSS Percentile
27.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
ASUS/RT-N10E
before 2.0.0.39
ASUS/RT-N12E
before 2.0.0.39
Published
Feb 16, 2025
Tracked Since
Feb 18, 2026