CVE-2021-43702
high-risk
Published 2022-07-05
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly. If an attacker were able to change the SSID of the router to a custom payload, they could achieve stored XSS on the device.
Do I need to act?
EPSS score: 0.52% chance of exploitation (low exploit probability)
CISA KEV: not on the list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 9.0/10, Critical (NETWORK / LOW complexity)
Affected Products (20)
Zenwifi Xd4S Firmware
Zenwifi Xt9 Firmware
Zenwifi Xd5 Firmware
Zenwifi Pro Et12 Firmware
Zenwifi Pro Xt12 Firmware
Zenwifi Ax Hybrid Firmware
Zenwifi Et8 Firmware
Zenwifi Xd6 Firmware
Zenwifi Ac Mini Firmware
Zenwifi Ax Mini Firmware
Zenwifi Ax Firmware
Zenwifi Ac Firmware
Rt-Ac66U B1 Firmware
Rt-Ax88U Firmware
Rt-Ax82U Firmware
Rt-Ax89X Firmware
Rt-Ax92U Firmware
Rt-Ax86U Firmware
Rt-Ax68U Firmware
Rt-Ax3000 Firmware
62 / 100, high-risk
Severity: 30/34 · Critical
Exploitability: 2/34 · Minimal
Exposure: 30/34 · Critical