Asus RT-N10 Plus Cross Site Scripting CVE-2015-1437

Overview

ASUS Router RT-N10 Plus is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the result_of_get_changed_status.asp script. A remote authenticated attacker could exploit this vulnerability using the flag parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Technical details

Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.

CVSS Scores & Vulnerability Types

CVSS Score	4.3
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Cross Site Scripting
CWE ID	79

Impact

It is possible to compromise a complete network which is running on Asus router with some social engineering trick just user have to visit a specially crafted request and this may leads to compromise his system using a browser exploitation framework.

References to Advisories, Solutions, and Tools

External Source: MISC

Name: http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html
Hyperlink: http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html

External Source: BUGTRAQ

Name: 20150203 CVE-2015-1437 XSS In ASUS Router.
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/534612/100/0/threaded

External Source: BUGTRAQ

Name: 20150129 Reflected XSS vulnarbility in Asus RT-N10 Plus Router
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/534579/100/0/threaded

External Source: XF

Name: asus-rtn10-resultstatus-xss(100566)
Hyperlink: http://xforce.iss.net/xforce/xfdb/100566

External Source: BID

Name: 72369
Hyperlink: http://www.securityfocus.com/bid/72369

External Source: XF

Name: asus-rtn10-errorpage-xss(100563)
Hyperlink: http://xforce.iss.net/xforce/xfdb/100563

External Source: BUGTRAQ

Name: 20150129 Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/534580/100/0/threaded

Kaustubh Padwad

Kaustubh Padwad works as an Information Security Analyst at NII. He has carried out Vulnerability Assessments and Penetration Tests for Web Applications and Networks Infrastructure.His expertise is in Linux, scripting, SOC deployment, data processing and Log analysis,His areas of interest in Information Security domain are: exploitation, Reverse Engineering , Shell coding,Tool building, Malware analysis.

breakthesec.com