CVE-2018-18291: XSS
First published: Sun Oct 14 2018(Updated: )
A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Rt-ac58u Firmware | =3.0.0.4.380.6516 | |
| ASUS RT-AC58U |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-18291?
The severity of CVE-2018-18291 is medium with a CVSS score of 6.1.
What is the affected software of CVE-2018-18291?
The affected software of CVE-2018-18291 is ASUS RT-AC58U firmware version 3.0.0.4.380_6516.
How does CVE-2018-18291 work?
CVE-2018-18291 is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML.
Is ASUS RT-AC58U vulnerable to CVE-2018-18291?
Yes, ASUS RT-AC58U with firmware version 3.0.0.4.380_6516 is vulnerable to CVE-2018-18291.
How can I fix CVE-2018-18291?
To fix CVE-2018-18291, update your ASUS RT-AC58U firmware to a version that is not vulnerable.
- collector/nvd-index
- agent/event
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/asus
- canonical/asus rt-ac58u firmware
- version/asus rt-ac58u firmware/3.0.0.4.380.6516
- canonical/asus rt-ac58u