CVE-2021-43702

Name: CVE-2021-43702
Creator: NVD / NIST
Published: 2022-07-05T12:15:07.83+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9/10EPSS 0.83%

Last modified Jun 17, 2026

CVE-2021-43702 is a critical-severity vulnerability rated 9/10 on the CVSS scale. ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.. EPSS estimates a 0.83% chance of exploitation in the next 30 days.

Description

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.

Metrics

CVSS 3.1

9/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS Probability

0.83%

53.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Asus	Zenwifi Xd4s Firmware	3.0.0.4.386.46061
Asus	Zenwifi Xt9 Firmware	3.0.0.4.386.46061
Asus	Zenwifi Xd5 Firmware	3.0.0.4.386.46061
Asus	Zenwifi Pro Et12 Firmware	3.0.0.4.386.46061
Asus	Zenwifi Pro Xt12 Firmware	3.0.0.4.386.46061
Asus	Zenwifi Ax Hybrid Firmware	3.0.0.4.386.46061
Asus	Zenwifi Et8 Firmware	3.0.0.4.386.46061
Asus	Zenwifi Xd6 Firmware	3.0.0.4.386.46061
Asus	Zenwifi Ac Mini Firmware	3.0.0.4.386.46061
Asus	Zenwifi Ax Mini Firmware	3.0.0.4.386.46061
Asus	Zenwifi Ax Firmware	3.0.0.4.386.46061
Asus	Zenwifi Ac Firmware	3.0.0.4.386.46061
Asus	Rt-Ac66u B1 Firmware	3.0.0.4.386.46061
Asus	Rt-Ax88u Firmware	3.0.0.4.386.46061
Asus	Rt-Ax82u Firmware	3.0.0.4.386.46061
Asus	Rt-Ax89x Firmware	3.0.0.4.386.46061
Asus	Rt-Ax92u Firmware	3.0.0.4.386.46061
Asus	Rt-Ax86u Firmware	3.0.0.4.386.46061
Asus	Rt-Ax68u Firmware	3.0.0.4.386.46061
Asus	Rt-Ax3000 Firmware	3.0.0.4.386.46061
Asus	Rt-Ax58u Firmware	3.0.0.4.386.46061
Asus	Rt-Ax55 Firmware	3.0.0.4.386.46061
Asus	Rt-Ax56u Firmware	3.0.0.4.386.46061
Asus	Rt-Ac66u\+ Firmware	3.0.0.4.386.46061
Asus	Rog Rapture Gt-Ac5300 Firmware	3.0.0.4.386.46061
Asus	Rog Rapture Gt-Ax11000 Firmware	3.0.0.4.386.46061
Asus	Rog Rapture Gt-Ac2900 Firmware	3.0.0.4.386.46061
Asus	Rt-Ac1300uhp Firmware	3.0.0.4.386.46061
Asus	Rt-Ac1300g\+ Firmware	3.0.0.4.386.46061
Asus	Tuf Gaming Ax5400 Firmware	3.0.0.4.386.46061
Asus	Tuf Gaming Ax3000 V2 Firmware	3.0.0.4.386.46061
Asus	Rt-Ac1200 Firmware	3.0.0.4.386.46061
Asus	Rt-Ac5300 Firmware	3.0.0.4.386.46061
Asus	Rt-Ac1200g Firmware	3.0.0.4.386.46061
Asus	Rt-Ac1200hp Firmware	3.0.0.4.386.46061
Asus	Rt-Ac1200g\+ Firmware	3.0.0.4.386.46061
Asus	Rt-Ac1200e Firmware	3.0.0.4.386.46061
Asus	Rt-Ac1200gu Firmware	3.0.0.4.386.46061
Asus	Rt-Ac3100 Firmware	3.0.0.4.386.46061
Asus	Rt-Ac58u Firmware	3.0.0.4.386.46061
Asus	Rt-Ac88u Firmware	3.0.0.4.386.46061
Asus	Rt-Ac56u Firmware	3.0.0.4.386.46061
Asus	Rt-Ac56r Firmware	3.0.0.4.386.46061
Asus	Rt-Ac56s Firmware	3.0.0.4.386.46061
Asus	Rt-Ac3200 Firmware	3.0.0.4.386.46061
Asus	Rt-Ac55u Firmware	3.0.0.4.386.46061
Asus	Rt-Ac2900 Firmware	3.0.0.4.386.46061
Asus	Rt-Ac55uhp Firmware	3.0.0.4.386.46061
Asus	Rt-Ac2600 Firmware	3.0.0.4.386.46061
Asus	Rt-Ac53 Firmware	3.0.0.4.386.46061

Showing 50 of 93 affected configurations. See NVD for the full list.

References

https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/Product, Vendor Advisory
https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patchExploit, Third Party Advisory
https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U/Product, Vendor Advisory
https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patchExploit, Third Party Advisory

Timeline

Published: Jul 5, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-43702?

How severe is CVE-2021-43702?

CVE-2021-43702 has a CVSS score of 9/10 (CRITICAL severity). The EPSS model estimates a 0.83% probability of exploitation in the next 30 days.

How do I fix CVE-2021-43702?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-43702?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST