CVE-2025-1354
Description
A cross-site scripting (XSS) vulnerability exists in the RT-N10E/RT-N12E 2.0.0.x firmware. This vulnerability is caused by improper input validation and can be triggered via manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2025-1354 is an XSS vulnerability in EOL ASUS RT-N10E/RT-N12E routers via the SSID parameter in sysinfo.asp, allowing information disclosure.
A cross-site scripting (XSS) vulnerability has been discovered in the ASUS RT-N10E and RT-N12E routers running firmware versions 2.0.0.x. The root cause is improper input validation of the SSID argument in the sysinfo.asp file [1][2]. This allows an attacker to inject malicious scripts.
Exploitation requires an authenticated user to visit a crafted link or page that manipulates the SSID parameter. The attacker must be on the local network or trick the victim into interacting with the router's web interface. Since the router is end-of-life (EOL) [1][2], no official patches will be released.
Successful exploitation could lead to disclosure of sensitive information from the router's web interface, such as configuration details or session tokens. The impact is limited to the information accessible via the authenticated session.
ASUS has marked these models as EOL and will not provide any firmware updates to fix this vulnerability. Users can mitigate the risk by disabling remote access from the WAN side as a workaround [1][2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 5
News mentions: 0
No linked articles in our index yet.