Описание
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
Ссылки
- PatchThird Party Advisory
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/PatchProductVendor Advisory
- PatchThird Party Advisory
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/PatchProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.0.4.388.20558 (исключая)
Одновременно
cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01205
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-74
CWE-74
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
EPSS
Процентиль: 79%
0.01205
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-74
CWE-74