CVE-2015-1437


Overview

ASUS Router RT-N10 Plus is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the result_of_get_changed_status.asp script. A remote authenticated attacker could exploit this vulnerability using the flag parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Technical details

Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.
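A defensive sketch of the input handling whose absence is described above, added here as an example; it is not ASUS firmware code. The function names, the FLAG_MAX limit, and the assumption that a legitimate flag value is a short alphanumeric token reflected into HTML text or attribute context are all hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define FLAG_MAX 32 /* assumed upper bound for a legitimate flag value */

/* Allow-list check: accept only short [A-Za-z0-9_] tokens (assumed format). */
int flag_is_valid(const char *flag)
{
    size_t n;
    if (flag == NULL || (n = strlen(flag)) == 0 || n > FLAG_MAX)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)flag[i]) && flag[i] != '_')
            return 0;
    return 1;
}

/* HTML-encode `in` into `out`. Returns the encoded length,
 * or -1 if `out` cannot hold the result plus the terminating NUL. */
int html_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = strlen(rep);
        if (o + len >= outsz) /* refuse to truncate mid-entity */
            return -1;
        memcpy(out + o, rep, len);
        o += len;
    }
    out[o] = '\0';
    return (int)o;
}

/* Value safe to reflect: the flag if it passes the allow-list, else empty. */
int render_flag(const char *flag, char *out, size_t outsz)
{
    return html_escape(flag_is_valid(flag) ? flag : "", out, outsz);
}
```

The allow-list is the primary control because it holds regardless of where the page reflects the value; the encoder covers HTML text and quoted attribute contexts only.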

CVSS Scores & Vulnerability Types

CVSS Score: 4.3
Confidentiality Impact: None (There is no impact to the confidentiality of the system.)
Integrity Impact: Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact: None (There is no impact to the availability of the system.)
Access Complexity: Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: None
Vulnerability Type(s): Cross Site Scripting
CWE ID: 79

Impact

It is possible to compromise a complete network running on an Asus router with a social engineering trick: the user only has to visit a specially crafted request, which may lead to compromise of the user's system through a browser exploitation framework.

References to Advisories, Solutions, and Tools

External Source: MISC
Name: http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html
Hyperlink: http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html
External Source: BUGTRAQ
Name: 20150203 CVE-2015-1437 XSS In ASUS Router.
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/534612/100/0/threaded
External Source: BUGTRAQ
Name: 20150129 Reflected XSS vulnarbility in Asus RT-N10 Plus Router
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/534579/100/0/threaded
External Source: XF
Name: asus-rtn10-resultstatus-xss(100566)
Hyperlink: http://xforce.iss.net/xforce/xfdb/100566
External Source: BID
Name: 72369
Hyperlink: http://www.securityfocus.com/bid/72369
External Source: XF
Name: asus-rtn10-errorpage-xss(100563)
Hyperlink: http://xforce.iss.net/xforce/xfdb/100563
External Source: BUGTRAQ
Name: 20150129 Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router
Hyperlink: http://www.securityfocus.com/archive/1/archive/1/534580/100/0/threaded


POC : 

Authenticated :- alert Box

 Unauthenticated XSS


CVE-ID Links :- 


  • MITRE :- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1437
  • NVD    :- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1437
  • CVEDe:- http://www.cvedetails.com/cve/CVE-2015-1437/