CVE-2020-29655
First published: Wed Dec 09 2020(Updated: )
An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Rt-ac88u Firmware | <3.1.0.108 | |
| Asus Rt-ac88u |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-29655?
CVE-2020-29655 is an injection vulnerability that exists in RT-AC88U Download Master before version 3.1.0.108.
How does CVE-2020-29655 affect Asus Rt-ac88u Firmware?
Asus Rt-ac88u Firmware versions up to 3.1.0.108 are affected by CVE-2020-29655.
What is the severity of CVE-2020-29655?
CVE-2020-29655 has a severity value of 7.5 (High).
How can I fix CVE-2020-29655?
To fix CVE-2020-29655, update RT-AC88U Download Master to version 3.1.0.108 or later.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-29655?
The CWE ID for CVE-2020-29655 is 74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component of the Same Product)
- collector/nvd-index
- agent/tags
- agent/event
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/asus
- canonical/asus rt-ac88u firmware
- canonical/asus rt-ac88u