CVE-2017-6547
Summary
| CVE | CVE-2017-6547 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-03-09 09:59:00 UTC |
| Updated | 2017-08-16 01:29:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Asus | Rt-ac53 | - | All | All | All |
| Hardware | Asus | Rt-ac53 | - | All | All | All |
| Operating System | Asus | Rt-ac53 Firmware | 3.0.0.4.380.6038 | All | All | All |
| Operating System | Asus | Rt-ac53 Firmware | 3.0.0.4.380.6038 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 0xbb - ASUSWRT | MISC | bierbaumer.net | Exploit, Third Party Advisory |
| ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting - Hardware webapps Exploit | EXPLOIT-DB | www.exploit-db.com | |
| Asus ASUSWRT Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.