CVE-2018-14710: XSS
First published: Mon May 13 2019(Updated: )
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Rt-ac3200 Firmware | =3.0.0.4.382.50010 | |
| ASUS RT-AC3200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-14710.
What is the severity of CVE-2018-14710?
The severity of CVE-2018-14710 is medium.
What is the description of CVE-2018-14710?
CVE-2018-14710 is a vulnerability that allows attackers to execute JavaScript via the 'hook' URL parameter in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010.
How can attackers exploit CVE-2018-14710?
Attackers can exploit CVE-2018-14710 by injecting malicious JavaScript code through the 'hook' URL parameter in the appGet.cgi script.
Is there a fix available for CVE-2018-14710?
There is no information available on a fix for CVE-2018-14710 at this time.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/weakness
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/asus
- canonical/asus rt-ac3200 firmware
- version/asus rt-ac3200 firmware/3.0.0.4.382.50010
- canonical/asus rt-ac3200