Various models of ASUS RT routers have several CSRF vulnerabilities allowing malicious sites to login and change settings in the router; multiple JSONP vulnerabilities allowing exfiltration of router data and an XML endpoint revealing WiFi passwords.

Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]