A cross-site scripting (XSS) vulnerability in the RT-N10E and RT-N12E firmware versions 2.0.0.x has been identified. This vulnerability allows attackers to manipulate the SSID argument in the sysinfo.asp file due to improper input validation, potentially leading to the disclosure of sensitive information. Given that all versions of RT-N10E and RT-N12E are unsupported and have reached End-of-Life (EOL), organizations must take immediate steps to mitigate this risk.
The CVSS score for this vulnerability is 4.8, categorized as medium severity. This score indicates that while exploitation is feasible, it requires a high level of privileges and passive user interaction. The urgency for organizations to address this vulnerability is moderate, as it poses a risk of information disclosure if exploited.
Organizations should prioritize disabling remote access features from WAN to reduce exposure to potential attacks. Although no public exploits have been confirmed, the nature of the vulnerability necessitates proactive measures to safeguard sensitive information.
Considering the ongoing threat landscape, organizations that rely on the affected firmware should seek alternative solutions or upgrades to maintain security and compliance.
Vulnerability Details
The vulnerability is classified under CWE-79, indicating a cross-site scripting issue. The vulnerability was published on February 16, 2025, and its last modification was on April 15, 2026. With a CVSS score of 4.8, it is rated medium severity; the per-metric impact on confidentiality, integrity, and availability is broken down under Technical Analysis.
Technical Analysis
The root cause of this vulnerability lies in improper input validation within the firmware. Specifically, the XSS issue can be exploited through the manipulation of the SSID argument in the sysinfo.asp file.
The attack vector is classified as network-based (AV:N), allowing remote attackers to exploit the vulnerability. The attack complexity is low (AC:L), indicating that an attacker can easily execute the exploit without significant effort. However, the attacker requires high privileges (PR:H) to successfully execute the attack, and user interaction is passive (UI:P).
The impact on confidentiality is none (C:N), while the integrity impact is low (I:L). There are no availability impacts (A:N) associated with this vulnerability.
Risk & Impact Analysis
The deployment of RT-N10E and RT-N12E devices in sensitive environments poses a risk to organizations, especially those storing or transmitting sensitive data. The potential for information disclosure via XSS attacks can lead to unauthorized access and exploitation of sensitive information.
Given its medium CVSS score and the fact that the affected firmware is no longer supported, organizations must treat this vulnerability with a moderate level of urgency. It is critical to evaluate the blast radius of this vulnerability and implement appropriate measures to mitigate risks to sensitive information.
Organizations should be aware of the potential for exploitation and consider scheduling remediation activities in their patch cycle. Ensuring that remote access features are disabled is a key step in risk mitigation.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
All versions of RT-N10E and RT-N12E firmware prior to any vendor patch are affected. It is critical to note that these devices are no longer supported, and organizations should consider upgrading or replacing them.
Mitigation & Remediation
Organizations should mitigate this vulnerability by disabling remote access features from WAN immediately. While no vendor patch is available, transitioning to supported devices is advisable. For ongoing security, consider implementing configuration hardening and network controls to further reduce exposure.
For additional guidance on maintaining a secure environment, organizations can refer to resources on application security assessments to ensure all potential vulnerabilities are addressed.
Detection Guidance
To effectively monitor for potential exploitation, organizations should review logs for any unusual activity related to the sysinfo.asp file. Behavioral anomalies should be investigated, particularly any unauthorized attempts to access sensitive information.
In addition, network signatures can be established to detect abnormal requests that may indicate an attempt to exploit the XSS vulnerability.
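One way to turn the log review above into a repeatable check, as an added example that is not part of the original advisory or any vendor tooling. It assumes combined-format access logs from a proxy or sensor in front of the router, a LAN of 192.168.1.0/24, and that the SSID value appears as a query parameter named `SSID`; the log lines are constructed samples.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, parse_qsl

LAN = ip_network("192.168.1.0/24")  # assumption: adjust to the site's LAN range

# Combined-log-style prefix: source address, timestamp, request line.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
# Characters and schemes that should never appear in an SSID rendered into HTML.
MARKUP_RE = re.compile(r'[<>"]|javascript:', re.I)

# Constructed sample lines, not taken from a real device.
SAMPLE_LOG = [
    '192.168.1.20 - - [16/Feb/2025:10:01:02 +0000] "GET /sysinfo.asp HTTP/1.1" 200 5120',
    '192.168.1.20 - - [16/Feb/2025:10:03:11 +0000] "GET /sysinfo.asp?SSID=%3Cb%3Eguest%3C%2Fb%3E HTTP/1.1" 200 5144',
    '203.0.113.7 - - [16/Feb/2025:10:05:40 +0000] "GET /sysinfo.asp HTTP/1.1" 200 5120',
    '192.168.1.20 - - [16/Feb/2025:10:06:00 +0000] "GET /index.asp?SSID=home HTTP/1.1" 200 900',
]

def inspect(line):
    """Return the findings for one log line; an empty list means nothing notable."""
    m = LINE_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    if not url.path.lower().endswith("/sysinfo.asp"):
        return []
    findings = []
    try:
        if ip_address(m["src"]) not in LAN:
            findings.append("sysinfo.asp requested from outside LAN")
    except ValueError:
        findings.append("unparseable source address")
    # parse_qsl percent-decodes values, so encoded markup is caught as well.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == "ssid" and MARKUP_RE.search(value):
            findings.append("markup characters in SSID parameter")
    return findings

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    hits = [(n, inspect(line)) for n, line in enumerate(lines, start=1)]
    return [(n, f) for n, f in hits if f]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, "; ".join(findings))
```

A hit from outside the LAN also indicates that WAN remote access is still enabled, which is the setting the mitigation section says to disable.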
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2025-1354 highlights the importance of regular firmware updates and the risks associated with using unsupported devices. Organizations should learn from this vulnerability to establish better security practices and vulnerability management programs.
This case represents a pattern where legacy devices are increasingly targeted due to their lack of support and updates. It serves as a reminder for security teams to prioritize the lifecycle management of devices and to recognize the potential for similar vulnerabilities in unsupported technology.
For best practices in vulnerability management, organizations can refer to the following resources: vulnerability management program design and penetration testing methodology to ensure comprehensive security assessments.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
