go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


ASUS RT-AX88U - Stored XSS

TVN ID TVN-202307013
CVE ID CVE-2023-34360
CVSS 7.5 (High)
Affected Products RT-AX88U: and prior
Description A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions and prior.  After a remote attacker logs in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading an image containing JavaScript code.
Solution upate FW to
Public Date 2023-09-19