Vulnerabilites related to ASUS Japan Inc. - RT-AC87U
cve-2018-0581
Vulnerability from cvelistv5
Published
2018-05-14 13:00
Modified
2024-08-05 03:28
Severity ?
Summary
Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
http://jvn.jp/en/jp/JVN33901663/index.htmlthird-party-advisory, x_refsource_JVN
https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/x_refsource_MISC
Impacted products
Vendor Product Version
ASUS Japan Inc. RT-AC87U Version: Firmware version prior to 3.0.0.4.378.9383
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#33901663",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN33901663/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RT-AC87U",
          "vendor": "ASUS Japan Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Firmware version prior to 3.0.0.4.378.9383"
            }
          ]
        }
      ],
      "datePublic": "2018-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-14T12:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#33901663",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN33901663/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RT-AC87U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Firmware version prior to 3.0.0.4.378.9383"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ASUS Japan Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#33901663",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN33901663/index.html"
            },
            {
              "name": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/",
              "refsource": "MISC",
              "url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0581",
    "datePublished": "2018-05-14T13:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

jvndb-2015-000012
Vulnerability from jvndb
Published
2015-01-27 14:24
Modified
2015-06-17 16:42
Severity ?
() - -
Summary
Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery
Details
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN32631078/index.html
CVE //cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7270
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7270
Cross-Site Request Forgery(CWE-352) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
ASUS JAPAN Inc.RT-AC56S
ASUS JAPAN Inc.RT-AC68U
ASUS JAPAN Inc.RT-AC87U
ASUS JAPAN Inc.RT-N56U
ASUS JAPAN Inc.RT-N66U
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000012.html",
  "dc:date": "2015-06-17T16:42+09:00",
  "dcterms:issued": "2015-01-27T14:24+09:00",
  "dcterms:modified": "2015-06-17T16:42+09:00",
  "description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000012.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac56s",
      "@product": "RT-AC56S",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac68u",
      "@product": "RT-AC68U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac87u",
      "@product": "RT-AC87U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-n56u",
      "@product": "RT-N56U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-n66u",
      "@product": "RT-N66U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000012",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN32631078/index.html",
      "@id": "JVN#32631078",
      "@source": "JVN"
    },
    {
      "#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7270",
      "@id": "CVE-2014-7270",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7270",
      "@id": "CVE-2014-7270",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery"
}

jvndb-2015-000011
Vulnerability from jvndb
Published
2015-01-27 14:23
Modified
2015-06-17 16:42
Severity ?
() - -
Summary
Multiple ASUS wireless LAN routers vulnerable to OS command injection
Details
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN77792759/index.html
CVE //cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269
OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
ASUS JAPAN Inc.RT-AC56S
ASUS JAPAN Inc.RT-AC68U
ASUS JAPAN Inc.RT-AC87U
ASUS JAPAN Inc.RT-N56U
ASUS JAPAN Inc.RT-N66U
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
  "dc:date": "2015-06-17T16:42+09:00",
  "dcterms:issued": "2015-01-27T14:23+09:00",
  "dcterms:modified": "2015-06-17T16:42+09:00",
  "description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac56s",
      "@product": "RT-AC56S",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac68u",
      "@product": "RT-AC68U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac87u",
      "@product": "RT-AC87U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-n56u",
      "@product": "RT-N56U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-n66u",
      "@product": "RT-N66U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.2",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000011",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN77792759/index.html",
      "@id": "JVN#77792759",
      "@source": "JVN"
    },
    {
      "#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269",
      "@id": "CVE-2014-7269",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269",
      "@id": "CVE-2014-7269",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple ASUS wireless LAN routers vulnerable to OS command injection"
}

jvndb-2018-000042
Vulnerability from jvndb
Published
2018-05-09 15:37
Modified
2018-08-30 12:32
Severity ?
6.1 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
RT-AC87U vulnerable to cross-site scripting
Details
RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability (CWE-79). Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN https://jvn.jp/en/jp/JVN33901663/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0581
NVD https://nvd.nist.gov/vuln/detail/CVE-2018-0581
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
ASUS JAPAN Inc.RT-AC87U
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000042.html",
  "dc:date": "2018-08-30T12:32+09:00",
  "dcterms:issued": "2018-05-09T15:37+09:00",
  "dcterms:modified": "2018-08-30T12:32+09:00",
  "description": "RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nKeigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000042.html",
  "sec:cpe": {
    "#text": "cpe:/h:misc:asus_japan_rt-ac87u",
    "@product": "RT-AC87U",
    "@vendor": "ASUS JAPAN Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000042",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN33901663/index.html",
      "@id": "JVN#33901663",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0581",
      "@id": "CVE-2018-0581",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0581",
      "@id": "CVE-2018-0581",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "RT-AC87U vulnerable to cross-site scripting"
}