CVSS Base Vector:
This host is running an ASUS router and is prone
to multiple vulnerabilities.
Send a crafted HTTP GET request and
check whether it is able to read the cookie.
The flaws exist because the application does
not validate input passed via the 'next_page', 'group_id', 'action_script' and
'flag' parameters to the start_apply.htm script before returning it to the user.
Successful exploitation will allow a
context-dependent attacker to create a specially crafted request that would
execute arbitrary script code in a user's browser session within the trust
relationship between their browser and the server and also to conduct CSRF
ASUS RT-G32 with firmware 220.127.116.11 and
18.104.22.168; other firmware versions may also be affected.
No known solution was made available
for at least one year since the disclosure of this vulnerability. Likely none will
be provided anymore. General solution options are to upgrade to a newer release,
disable respective features, remove the product or replace the product by another
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
Vendor will not fix
SecurityFocus Bugtraq ID: