Primary

Context

ASUS RT-N10E and RT-N12E Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the ASUS RT-N10E and RT-N12E routers, specifically in the 2.0.0.x firmware range. This vulnerability arises from inadequate input validation, allowing attackers to manipulate the SSID argument in the sysinfo.asp file. Exploitation of this issue could lead to the disclosure of sensitive information. It is important to note that all versions of the RT-N10E and RT-N12E are no longer supported, as they have reached End-of-Life (EOL).

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users can mitigate this vulnerability by disabling remote access features from the Wide Area Network (WAN).

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

3.5

exploitability

6.0

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

3.5

exploitability

6.0

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ASUS RT-N10E and RT-N12E Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ASUS RT-N10E

ASUS RT-N12E

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating