Vulnerability Details CVE-2022-26673
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2022-26673
- cpe:2.3:h:asus:rt-ax88u:-
- cpe:2.3:o:asus:rt-ax88u_firmware:-
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.4730
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.4736
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5247
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5329
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5640
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5951
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.6210
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42095
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42819
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42820
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.44266
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45375
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45898
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45934
- cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.46061