Various models of ASUS RT routers have several CSRF vulnerabilities allowing malicious sites to login and change settings in the router; multiple JSONP vulnerabilities allowing exfiltration of router data and an XML endpoint revealing WiFi passwords. Most of these issues have been fixed by Asus in the March 2017 firmware update under v3.0.0.4.380.7378. 

http://seclists.org/fulldisclosure/2017/May/36