CVE-2014-2925 in RT Router
Summary
by MITRE
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/11/2026
The CVE-2014-2925 vulnerability represents a critical cross-site scripting flaw discovered in ASUS RT-AC68U and other RT series routers running firmware versions prior to 3.0.0.4.374.5047. This vulnerability resides within the Advanced_Wireless_Content.asp web interface component and specifically affects the handling of user input through the current_page parameter in the apply.cgi script. The flaw enables remote attackers to execute malicious web scripts or HTML code within the context of authenticated users' browsers, potentially compromising the entire network infrastructure.
This vulnerability falls under CWE-79 which categorizes cross-site scripting flaws as weaknesses in web applications that allow attackers to inject client-side scripts into web pages viewed by other users. The technical implementation of this flaw occurs when the router's web interface fails to properly sanitize or validate user input before incorporating it into dynamically generated web content. The current_page parameter in the apply.cgi script serves as the injection vector, where unvalidated input from remote attackers can be directly embedded into the router's web interface without proper encoding or filtering mechanisms.
The operational impact of this vulnerability extends beyond simple script injection, as it provides attackers with the ability to manipulate the router's administrative interface and potentially gain unauthorized access to network configurations. An attacker could exploit this vulnerability to redirect users to malicious websites, steal session cookies, modify router settings, or even execute arbitrary commands on the affected devices. The remote nature of the attack means that adversaries do not require physical access to the network equipment, making this vulnerability particularly dangerous for enterprise and home network administrators who may not be aware of the compromised devices.
The attack surface for this vulnerability encompasses all ASUS RT series routers running firmware versions below the patched threshold, including but not limited to RT-AC68U, RT-AC66U, RT-AC67U, and other similar models. The vulnerability's exploitation requires minimal prerequisites since it operates through the standard web interface that is typically accessible to network administrators and authorized users. Network security professionals should note that this flaw aligns with ATT&CK technique T1071.004 which covers application layer protocol: web protocols, and T1566 which involves credential access through social engineering and phishing attacks that could leverage such XSS vulnerabilities.
Mitigation strategies for CVE-2014-2925 involve immediate firmware updates to versions 3.0.0.4.374.5047 or later, which contain proper input validation and sanitization measures. Network administrators should also implement additional security controls including disabling unnecessary web interfaces, restricting access to router administration portals through firewall rules, and monitoring for suspicious web traffic patterns. The vulnerability highlights the importance of secure coding practices and input validation in network device firmware development, as outlined in OWASP Top Ten security principles and NIST cybersecurity frameworks. Organizations should conduct comprehensive vulnerability assessments to identify all affected devices within their network infrastructure and ensure proper patch management procedures are in place to prevent similar vulnerabilities from being exploited in the future.