ASUS RT-AC88U Download Master up to 3.1.0.105 Title productname injection

EntryeditHistoryDiffjsonxmlCTI

A vulnerability was found in ASUS RT-AC88U Download Master up to 3.1.0.105. It has been classified as problematic. Affected is some unknown functionality of the file /Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp of the component Title Handler. Upgrading to version 3.1.0.108 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1073204512/13/2020VulD...cvss3_nvd_basescore7.5nist.gov12/13/2020accepted90
1073204412/13/2020VulD...cvss2_nvd_basescore5.0nist.gov12/13/2020accepted90
1073204312/13/2020VulD...cvss3_meta_tempscore5.3see documentation12/13/2020accepted90
1073204212/13/2020VulD...cvss3_meta_basescore5.9see documentation12/13/2020accepted90
1073204112/13/2020VulD...cvss2_nvd_aiNnvd.nist.gov12/13/2020accepted70
1073204012/13/2020VulD...cvss2_nvd_iiPnvd.nist.gov12/13/2020accepted70
1073203912/13/2020VulD...cvss2_nvd_ciNnvd.nist.gov12/13/2020accepted70
1073203812/13/2020VulD...cvss2_nvd_auNnvd.nist.gov12/13/2020accepted70
1073203712/13/2020VulD...cvss2_nvd_acLnvd.nist.gov12/13/2020accepted70
1073203612/13/2020VulD...cvss2_nvd_avNnvd.nist.gov12/13/2020accepted70
1073203512/13/2020VulD...cvss3_nvd_aNnvd.nist.gov12/13/2020accepted70
1073203412/13/2020VulD...cvss3_nvd_iHnvd.nist.gov12/13/2020accepted70
1073203312/13/2020VulD...cvss3_nvd_cNnvd.nist.gov12/13/2020accepted70
1073203212/13/2020VulD...cvss3_nvd_sUnvd.nist.gov12/13/2020accepted70
1073203112/13/2020VulD...cvss3_nvd_uiNnvd.nist.gov12/13/2020accepted70
1073203012/13/2020VulD...cvss3_nvd_prNnvd.nist.gov12/13/2020accepted70
1073202912/13/2020VulD...cvss3_nvd_acLnvd.nist.gov12/13/2020accepted70
1073202812/13/2020VulD...cvss3_nvd_avNnvd.nist.gov12/13/2020accepted70
1073202712/13/2020VulD...cve_nvd_summaryAn injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.cve.mitre.org12/13/2020accepted70
1073202612/13/2020VulD...cve_assigned1607468400cve.mitre.org12/13/2020accepted70

Do you know our Splunk app?

Download it now for free!