*Stored XSS in the urlFilterList Function May Expose Your Network*

Intro: The ASUS RT-N10LX XSS Flaw

In June 2023, security researchers disclosed CVE-2023-34941, a stored Cross-Site Scripting (XSS) vulnerability in the ASUS RT-N10LX router, specifically firmware version 2...39. This post will walk you through how this bug works, how attackers can exploit it, and what it means for anyone running this outdated router.

Official CVE description

> A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2...39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field.

Read it yourself: CVE-2023-34941 on NVD

How Does The Exploit Work?

Cross-site scripting (XSS) is a common web security flaw that allows attackers to inject malicious scripts into web pages viewed by other users.

On the RT-N10LX router, the URL Filter List feature lets users block access to certain URLs. However, the developers did not sanitize what is entered in this field, so an attacker can inject JavaScript or HTML that the router stores and later renders back into the page.

Whenever a victim (like an admin or another network user) visits the router’s web admin interface, the malicious script runs in their browser.

Why is this dangerous?
An attacker could steal your session cookie, redirect you to malicious sites, or even change your router settings.

Code Snippet: Malicious XSS Payload

Let’s say the admin goes to the URL filter page and enters this payload (instead of a normal keyword):

```html
<script>alert('XSS by CVE-2023-34941');</script>
```

Here’s how it would be sent (using curl or a crafted POST request):

```bash
curl -X POST -d "urlList=<script>alert('XSS by CVE-2023-34941');</script>" http://ROUTER-IP/apply.cgi
```

*(Replace ROUTER-IP with your actual device IP)*

After saving, whenever that field is rendered in the web interface, the injected JavaScript runs in the browser of whoever is viewing the page.
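To make the defect and its fix concrete, here is an added Python model of the urlFilterList rendering path; it is not the router's firmware code (which this post does not include) but an illustration written for this post. It shows the vulnerable echo of stored keywords, the same list rendered with output encoding, an allowlist check at write time, and an audit helper a defender could run over a saved configuration. The function names, the keyword allowlist and the HTML skeleton are my own assumptions.

```python
import html
import re

# The payload quoted in this post, used here as a constructed test input.
PAYLOAD = "<script>alert('XSS by CVE-2023-34941');</script>"

# Assumed allowlist for a URL keyword: hostname/path characters only.
# This is an added hardening choice, not the router's real validation rule.
KEYWORD_RE = re.compile(r"^[A-Za-z0-9.\-_/:%?=&]{1,64}$")


def render_vulnerable(keywords):
    """Model of the flawed behaviour: stored text is echoed into the page verbatim."""
    rows = "".join(f"<li>{k}</li>" for k in keywords)
    return f"<ul id='urlFilterList'>{rows}</ul>"


def validate_keyword(keyword):
    """Write-time check (the apply.cgi step): reject anything that is not a plausible URL keyword."""
    return bool(KEYWORD_RE.match(keyword))


def render_hardened(keywords):
    """Encode every stored value on output so the browser treats it as text, never markup.
    Encoding is applied even to values that passed validation: defence in depth."""
    rows = "".join(f"<li>{html.escape(k, quote=True)}</li>" for k in keywords)
    return f"<ul id='urlFilterList'>{rows}</ul>"


def find_suspicious_entries(keywords):
    """Defender check: flag stored entries (e.g. from a config backup) that contain HTML metacharacters."""
    return [k for k in keywords if re.search('[<>"\']', k)]
```

Running `find_suspicious_entries` over the keyword list exported from a device backup is a quick way to confirm whether a router that cannot be patched has already been tampered with.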


- Spread malware: Redirect connected computers or devices to exploit kits or malicious downloads.
- Create permanent backdoors: Load scripts that automatically fetch and execute more dangerous code every time the admin logs in.

Can You Fix or Patch This?

Unfortunately, ASUS has marked the device as unsupported. There are no official firmware updates to address this bug.

- Upgrade your router: The surest way to stay secure.
- Limit access: Never expose the admin interface to the internet. Only configure it from a secure machine on your home network.

References

- NVD: CVE-2023-34941
- ASUS RT-N10LX Support Page (Archived)
- OWASP XSS Guide

Conclusion

CVE-2023-34941 shines a spotlight on the risks of running unsupported network hardware. This XSS vulnerability in the ASUS RT-N10LX web interface gives attackers a powerful way to compromise your router—or your whole network.

If you still use this router, it’s time to upgrade.
If you MUST use it, avoid the web interface as much as possible, and never use the same admin password on multiple devices.

Stay safe, and share this info with anyone you know running old ASUS gear!


*This post is an exclusive, simplified breakdown. For direct technical questions, leave a comment below or contact me.*

Timeline

Published on: 06/12/2023 20:15:00 UTC
Last modified on: 06/21/2023 14:30:00 UTC