Asus: >> Rt-N10+d1 Security Vulnerabilities
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-03-20
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
CVSS Score
9.8
EPSS Score
0.068
Published
2020-03-20
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-03-20
Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.
CVSS Score
4.3
EPSS Score
0.004
Published
2015-02-04