CVE-2020-29655
Summary
| CVE | CVE-2020-29655 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-09 08:15:00 UTC |
| Updated | 2020-12-10 17:05:00 UTC |
| Description | An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection. |
Risk And Classification
Problem Types: CWE-74
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Asus | Rt-ac88u | - | All | All | All |
| Hardware | Asus | Rt-ac88u | - | All | All | All |
| Operating System | Asus | Rt-ac88u Firmware | All | All | All | All |
| Operating System | Asus | Rt-ac88u Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2020-29655 | ASUS RT-AC88U Download Master Title injection (VDB-165678) | MISC | vuldb.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.