CVE-2023-34360

Summary

CVE-2023-34360 is a stored cross-site scripting (XSS) vulnerability affecting the Custom User Icons functionality of ASUS RT-AX88U routers running firmware versions 3.0.0.4.388.23110 and earlier. A successful attack allows an unauthenticated remote attacker, who has logged in with regular user privileges, to execute JavaScript code by uploading a malicious image containing the script. This can lead to unauthorized access to user data or session hijacking. The vulnerability poses a serious risk and users are urged to update their firmware as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.