QwikSec

Security Database

CVE

CWE

Training

CVE-2025-1354

Published: Feb 16, 2025

Modified: Mar 13, 2025

PUBLISHED

Description

A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN

Vendor	Product	Versions
ASUS	RT-N12E	affected `before 2.0.0.39`
ASUS	RT-N10E	affected `before 2.0.0.39`

Weaknesses (CWE)

References

VDB-295962 | Asus RT-N12E sysinfo.asp cross site scripting

vdb-entry

technical-description

VDB-295962 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #496013 | ASUS RT-N12E 2.0.0.19 Cross Site Scripting

third-party-advisory

https://www.asus.com/supportonly/rt-n10e/helpdesk_bios/

product

https://www.asus.com/supportonly/rt-n12e/helpdesk_bios/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.