CVE-2025-1354

Published Feb 16, 2025

Last updated 21 days ago

CVSS medium 4.8

Overview

Description
A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN
Source
54bf65a7-a193-42d2-b1ba-8e150d3c35e1
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
4.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
2.4
Impact score
1.4
Exploitability score
0.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Severity
LOW

CVSS 2.0

Type
Secondary
Base score
3.3
Impact score
2.9
Exploitability score
6.4
Vector string
AV:N/AC:L/Au:M/C:N/I:P/A:N

Weaknesses

54bf65a7-a193-42d2-b1ba-8e150d3c35e1
CWE-79
cna@vuldb.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-1354 A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of … https://t.co/MPLkJZa8hY

    @CVEnew

    16 Feb 2025

    590 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References