A bug has been found in the ASUS RT-AC1900p whole home WIFI router that could allow a man-in-the-middle attack if not patched. Originally found by the researchers at Trustwave, the first issue (CVE-2020-15498) stems from a lack of certificate checking. The report from Trustwave claims that if an attacker knows what to look for, they could inject a false certificate to force the installation of malicious files to allow them to snoop on all traffic going through the router. The second bug (CVE-2020-15499) is a cross-site scripting flaw in the Web Management Interface related to firmware updates. The report from Trustwave states, “The release notes page did not properly escape the contents of the page before rendering it to the user. This means that a legitimate administrator could be attacked by a malicious party using the first MITM finding and chaining it with arbitrary JavaScript code execution.”