Zero-Day Advisory

Fortinet Discovers Persistent Cross-Site Scripting Vulnerability in Multiple Asus Routers

Summary

Fortinet's FortiGuard Labs has discovered a persistent Cross-Site Scripting (XSS) vulnerability in multiple Asus routers.

ASUSTeK Computer Incorporated (Asus) designs and manufactures a series of network routers and is one of the leading router brands in the world.

The discovered vulnerability could allow an authenticated, remote attacker to conduct an XSS attack: the nickname of a piece of network equipment is stored without sanitization, so when a user later attempts to change the nickname of equipment whose stored nickname already contains injected JavaScript code, that code is rendered into the management page and executed in the user's browser.
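The defect class described above, as an added example that is neither Asus firmware nor Fortinet code: a device-list renderer that concatenates the stored nickname straight into markup, beside one that HTML-encodes every untrusted field at the point of output and constrains nicknames on input. The device fields, the nickname character rules and the sample record are assumptions made for the illustration.

```javascript
// Added example (not Asus or Fortinet code). Assumes a management page
// that lists network equipment by MAC address and user-chosen nickname.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Output encoding: neutralise every character that can break out of an
// HTML text node or attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored nickname is interpolated directly into
// markup, so a nickname carrying script executes every time the page renders
// (persistent / stored XSS).
function renderRowUnsafe(device) {
  return `<tr><td>${device.mac}</td><td>${device.nickname}</td></tr>`;
}

// Hardened pattern: encode each untrusted field at the moment it is rendered.
function renderRowSafe(device) {
  return `<tr><td>${escapeHtml(device.mac)}</td><td>${escapeHtml(device.nickname)}</td></tr>`;
}

// Defence in depth: reject nicknames outside a conservative allowlist before
// they are stored, so markup never reaches the database in the first place.
// (Assumed rule: 1-32 characters from letters, digits, space, _ . -)
const NICKNAME_RE = /^[A-Za-z0-9 _.-]{1,32}$/;
function isValidNickname(nickname) {
  return NICKNAME_RE.test(String(nickname));
}

// Constructed sample record: a stored nickname that contains a script tag.
const sampleDevice = { mac: '00:11:22:33:44:55', nickname: '<script>alert(1)</script>' };

console.log('unsafe:', renderRowUnsafe(sampleDevice));
console.log('safe:  ', renderRowSafe(sampleDevice));
console.log('nickname accepted on input?', isValidNickname(sampleDevice.nickname));
```

The unsafe renderer emits a live `<script>` element; the safe renderer emits the same text as inert `&lt;script&gt;` entities, and the input check would have refused the nickname before storage.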

Solutions

FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

Asus.Router.Web.Management.Page.XSS
Released May 29, 2018

Users should apply the solution provided by Asus.

Additional Information

Many Asus router models are affected:

RT-AC66U
RT-AC58U
RT-AC54U
RT-AC51U
RT-AC1200HP
RT-ACRH13
RT-N66U
RT-N12 D1
RT-N12HP B1

Timeline

Fortinet reported the vulnerability to Asus on April 02, 2018

Asus confirmed the vulnerability on April 05, 2018

Asus released a patch for the vulnerability on May 21, 2018

Acknowledgement

This vulnerability was discovered by Yonghui Han of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.