CVE-2021-43702

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
asuszenwifi_xd4s_firmware
3.0.0.4.386.46061
asuszenwifi_xt9_firmware
3.0.0.4.386.46061
asuszenwifi_xd5_firmware
3.0.0.4.386.46061
asuszenwifi_pro_et12_firmware
3.0.0.4.386.46061
asuszenwifi__pro_xt12_firmware
3.0.0.4.386.46061
asuszenwifi_ax_hybrid_firmware
3.0.0.4.386.46061
asuszenwifi_et8_firmware
3.0.0.4.386.46061
asuszenwifi_xd6_firmware
3.0.0.4.386.46061
asuszenwifi_ac_mini_firmware
3.0.0.4.386.46061
asuszenwifi_ax_mini_firmware
3.0.0.4.386.46061
asuszenwifi_ax_firmware
3.0.0.4.386.46061
asuszenwifi_ac_firmware
3.0.0.4.386.46061
asusrt-ac66u_b1_firmware
3.0.0.4.386.46061
asusrt-ax88u_firmware
3.0.0.4.386.46061
asusrt-ax82u_firmware
3.0.0.4.386.46061
asusrt-ax89x_firmware
3.0.0.4.386.46061
asusrt-ax92u_firmware
3.0.0.4.386.46061
asusrt-ax86u_firmware
3.0.0.4.386.46061
asusrt-ax68u_firmware
3.0.0.4.386.46061
asusrt-ax82u_firmware
3.0.0.4.386.46061
asusrt-ax3000_firmware
3.0.0.4.386.46061
asusrt-ax58u_firmware
3.0.0.4.386.46061
asusrt-ax55_firmware
3.0.0.4.386.46061
asusrt-ax56u_firmware
3.0.0.4.386.46061
asusrt-ac66u\+_firmware
3.0.0.4.386.46061
asusrog_rapture_gt-ac5300_firmware
3.0.0.4.386.46061
asusrog_rapture_gt-ax11000_firmware
3.0.0.4.386.46061
asusrog_rapture_gt-ac2900_firmware
3.0.0.4.386.46061
asusrt-ac1300uhp_firmware
3.0.0.4.386.46061
asusrt-ac1300g\+_firmware
3.0.0.4.386.46061
asustuf_gaming_ax5400_firmware
3.0.0.4.386.46061
asustuf_gaming_ax3000_v2_firmware
3.0.0.4.386.46061
asusrt-ac1200_firmware
3.0.0.4.386.46061
asusrt-ac5300_firmware
3.0.0.4.386.46061
asusrt-ac1200g_firmware
3.0.0.4.386.46061
asusrt-ac1200hp_firmware
3.0.0.4.386.46061
asusrt-ac1200g\+_firmware
3.0.0.4.386.46061
asusrt-ac1200e_firmware
3.0.0.4.386.46061
asusrt-ac1200gu_firmware
3.0.0.4.386.46061
asusrt-ac3100_firmware
3.0.0.4.386.46061
asusrt-ac58u_firmware
3.0.0.4.386.46061
asusrt-ac88u_firmware
3.0.0.4.386.46061
asusrt-ac56u_firmware
3.0.0.4.386.46061
asusrt-ac56r_firmware
3.0.0.4.386.46061
asusrt-ac56s_firmware
3.0.0.4.386.46061
asusrt-ac3200_firmware
3.0.0.4.386.46061
asusrt-ac55u_firmware
3.0.0.4.386.46061
asusrt-ac2900_firmware
3.0.0.4.386.46061
asusrt-ac55uhp_firmware
3.0.0.4.386.46061
asusrt-ac2600_firmware
3.0.0.4.386.46061
asusrt-ac53_firmware
3.0.0.4.386.46061
asusrt-ac2400_firmware
3.0.0.4.386.46061
asusrt-ac52u_b1_firmware
3.0.0.4.386.46061
asusrt-ac2200_firmware
3.0.0.4.386.46061
asusrt-ac51u_firmware
3.0.0.4.386.46061
asusrt-ac51u\+_firmware
3.0.0.4.386.46061
asusrt-ac87u_firmware
3.0.0.4.386.46061
asusrt-ac87r_firmware
3.0.0.4.386.46061
asusrt-acrh17_firmware
3.0.0.4.386.46061
asusrt-ac86u_firmware
3.0.0.4.386.46061
asusrt-acrh13_firmware
3.0.0.4.386.46061
asusrt-ac85u_firmware
3.0.0.4.386.46061
asusrt-n66u_firmware
3.0.0.4.386.46061
asusrt-n66r_firmware
3.0.0.4.386.46061
asusrt-n66w_firmware
3.0.0.4.386.46061
asusrt-n66c1_firmware
3.0.0.4.386.46061
asusrt-ac85p_firmware
3.0.0.4.386.46061
asusrt-n18u_firmware
3.0.0.4.386.46061
asusrt-ac65p_firmware
3.0.0.4.386.46061
asusrt-n19_firmware
3.0.0.4.386.46061
asusrt-ac57u_firmware
3.0.0.4.386.46061
asusrt-n14uhp_firmware
3.0.0.4.386.46061
asusrt-ac68u_firmware
3.0.0.4.386.46061
asusrt-ac68r_firmware
3.0.0.4.386.46061
asusrt-ac68p_firmware
3.0.0.4.386.46061
asusrt-ac68w_firmware
3.0.0.4.386.46061
asusrt-ac68uf_firmware
3.0.0.4.386.46061
asusrt-n12e_b1_firmware
3.0.0.4.386.46061
asusrt-n12e_c1_firmware
3.0.0.4.386.46061
asusrt-ac65u_firmware
3.0.0.4.386.46061
asusrt-n12hp_b1_firmware
3.0.0.4.386.46061
asusrt-ac1900_firmware
3.0.0.4.386.46061
asusrt-n12vp_b1_firmware
3.0.0.4.386.46061
asusrt-ac1900p_firmware
3.0.0.4.386.46061
asusrt-ac1900u_firmware
3.0.0.4.386.46061
asusrt-n12\+_b1_firmware
3.0.0.4.386.46061
asusrt-ac1750_firmware
3.0.0.4.386.46061
asusrt-n12d1_firmware
3.0.0.4.386.46061
asusrt-ac1750_b1__firmware
3.0.0.4.386.46061
asus4g-ac53u_firmware
3.0.0.4.386.46061
asusrt-ac66u_firmware
3.0.0.4.386.46061
asusrt-ac66r_firmware
3.0.0.4.386.46061
asusrt-ac66w_firmware
3.0.0.4.386.46061
asus4g-ac68u_firmware
3.0.0.4.386.46061
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/
https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch
https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/
https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch