Search criteria
9 vulnerabilities found for dsl-n12e_c1_firmware by asus
FKIE_CVE-2018-15887
Vulnerability from fkie_nvd - Published: 2018-08-27 15:29 - Updated: 2024-11-21 03:51
Severity ?
Summary
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://fakhrizulkifli.github.io/CVE-2018-15887.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fakhrizulkifli.github.io/CVE-2018-15887.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | dsl-n12e_c1_firmware | 1.1.2.3_345 | |
| asus | dsl-n12e_c1 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n12e_c1_firmware:1.1.2.3_345:*:*:*:*:*:*:*",
"matchCriteriaId": "E8057D07-0B28-498F-9687-34CA9537C6DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n12e_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6C48CD-4BC0-4355-969E-1C22A58D7FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request."
},
{
"lang": "es",
"value": "Main_Analysis_Content.asp en ASUS DSL-N12E_C1 1.1.2.3_345 es propenso a una ejecuci\u00f3n remota autenticada de comandos, lo que permite que un atacante remoto ejecute comandos arbitrarios del sistema operativo mediante par\u00e1metros del servicio, como metacaracteres shell en el par\u00e1metro destIP de una petici\u00f3n cmdMethod=ping."
}
],
"id": "CVE-2018-15887",
"lastModified": "2024-11-21T03:51:39.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-27T15:29:00.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14698
Vulnerability from fkie_nvd - Published: 2018-01-29 16:29 - Updated: 2024-11-21 03:13
Severity ?
Summary
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | dsl-ac51_firmware | - | |
| asus | dsl-ac51 | - | |
| asus | dsl-ac52u_firmware | - | |
| asus | dsl-ac52u | - | |
| asus | dsl-ac55u_firmware | - | |
| asus | dsl-ac55u | - | |
| asus | dsl-n55u_c1_firmware | - | |
| asus | dsl-n55u_c1 | - | |
| asus | dsl-n55u_d1_firmware | - | |
| asus | dsl-n55u_d1 | - | |
| asus | dsl-ac56u_firmware | - | |
| asus | dsl-ac56u | - | |
| asus | dsl-n10_c1_firmware | - | |
| asus | dsl-n10_c1 | - | |
| asus | dsl-n12u_c1_firmware | - | |
| asus | dsl-n12u_c1 | - | |
| asus | dsl-n12e_c1_firmware | - | |
| asus | dsl-n12e_c1 | - | |
| asus | dsl-n14u_firmware | - | |
| asus | dsl-n14u | - | |
| asus | dsl-n14u-b1_firmware | - | |
| asus | dsl-n14u-b1 | - | |
| asus | dsl-n16_firmware | - | |
| asus | dsl-n16 | - | |
| asus | dsl-n16u_firmware | - | |
| asus | dsl-n16u | - | |
| asus | dsl-n17u_firmware | - | |
| asus | dsl-n17u | - | |
| asus | dsl-n66u_firmware | - | |
| asus | dsl-n66u | - | |
| asus | dsl-ac750_firmware | - | |
| asus | dsl-ac750 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac51_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "606B05F7-7697-407B-923D-DB9125C9E9D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC348F1-6C46-4637-A27F-D69DD1AC77F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac52u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9A9BD5-BCE8-4DBC-B615-AAF9CEE2C8AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac52u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60CC5443-8FEE-4BDB-B775-A1C7CE0021A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac55u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB82EB29-4348-48B3-92E9-59AF27041069",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac55u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84685B17-E252-4519-B857-81717DD21CE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n55u_c1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4F8FC8-B153-45AA-A70A-4AF23C171FB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n55u_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABC6E2A-73FE-42E1-A8D5-08B894C39AA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n55u_d1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C84C544-1C39-4936-B49C-6C01622FD620",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n55u_d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AF8875-4CCB-4C9E-9056-DEC84168B762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac56u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2953F9-5E62-4508-9434-4A8FB1739F62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22236F8C-F904-447A-8E7E-C8D56D5B673F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n10_c1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "909103A0-1F5E-4587-8357-715412FFFE38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n10_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "066A3EE0-FEDD-4D77-8B8F-914838378D4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n12u_c1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9129F191-9999-4ECF-892F-0EA0363F79BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n12u_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F157F-CFDE-4662-954F-C6B2FD53B373",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n12e_c1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA74206-AD82-4CA0-82EB-E2FA6854BFA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n12e_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6C48CD-4BC0-4355-969E-1C22A58D7FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n14u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "292D7A66-FCE7-466D-9910-4F968E7D157A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n14u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D811DE13-0D12-4CDC-B74A-B873817DC8B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n14u-b1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E42CE2E-9357-4E54-9503-3A00ADFF279F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n14u-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A0D00F-263F-4CFF-928D-6C39FD947A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n16_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D346B8AE-2E16-4AD8-8E32-212C206D6947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF90D44-4CD7-4166-A139-9F4A8D14F483",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n16u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E39DC19-6FB6-4498-9367-7856604DDD9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n16u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7227CEBF-FE58-4EB1-B679-9369DF2801A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n17u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9C64DD-8913-4DEC-BA85-538F2D4F5026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n17u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49D25115-DC83-4A67-8680-BC14BC40EFE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n66u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "425A53CC-5FE1-4A5C-86E3-DF23672CFB77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB16A3-1D51-4FA9-8012-4008021772E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac750_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C429544-E8AA-44FE-8B2C-E7AE563A1435",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E54AD746-EEEE-4987-B343-36328D638398",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp."
},
{
"lang": "es",
"value": "Los routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U y DSL-AC750 permiten que atacantes remotos cambien las contrase\u00f1as de usuarios arbitrarios mediante el par\u00e1metro http_passwd en mod_login.asp."
}
],
"id": "CVE-2017-14698",
"lastModified": "2024-11-21T03:13:20.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-29T16:29:00.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14699
Vulnerability from fkie_nvd - Published: 2018-01-29 16:29 - Updated: 2024-11-21 03:13
Severity ?
Summary
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | dsl-ac51_firmware | - | |
| asus | dsl-ac51 | - | |
| asus | dsl-ac52u_firmware | - | |
| asus | dsl-ac52u | - | |
| asus | dsl-ac55u_firmware | - | |
| asus | dsl-ac55u | - | |
| asus | dsl-n55u_c1_firmware | - | |
| asus | dsl-n55u_c1 | - | |
| asus | dsl-n55u_d1_firmware | - | |
| asus | dsl-n55u_d1 | - | |
| asus | dsl-ac56u_firmware | - | |
| asus | dsl-ac56u | - | |
| asus | dsl-n10_c1_firmware | - | |
| asus | dsl-n10_c1 | - | |
| asus | dsl-n12u_c1_firmware | - | |
| asus | dsl-n12u_c1 | - | |
| asus | dsl-n12e_c1_firmware | - | |
| asus | dsl-n12e_c1 | - | |
| asus | dsl-n14u_firmware | - | |
| asus | dsl-n14u | - | |
| asus | dsl-n14u-b1_firmware | - | |
| asus | dsl-n14u-b1 | - | |
| asus | dsl-n16_firmware | - | |
| asus | dsl-n16 | - | |
| asus | dsl-n16u_firmware | - | |
| asus | dsl-n16u | - | |
| asus | dsl-n17u_firmware | - | |
| asus | dsl-n17u | - | |
| asus | dsl-n66u_firmware | - | |
| asus | dsl-n66u | - | |
| asus | dsl-ac750_firmware | - | |
| asus | dsl-ac750 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac51_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "606B05F7-7697-407B-923D-DB9125C9E9D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC348F1-6C46-4637-A27F-D69DD1AC77F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac52u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9A9BD5-BCE8-4DBC-B615-AAF9CEE2C8AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac52u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60CC5443-8FEE-4BDB-B775-A1C7CE0021A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac55u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB82EB29-4348-48B3-92E9-59AF27041069",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac55u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84685B17-E252-4519-B857-81717DD21CE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n55u_c1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4F8FC8-B153-45AA-A70A-4AF23C171FB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n55u_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABC6E2A-73FE-42E1-A8D5-08B894C39AA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n55u_d1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C84C544-1C39-4936-B49C-6C01622FD620",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n55u_d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AF8875-4CCB-4C9E-9056-DEC84168B762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac56u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2953F9-5E62-4508-9434-4A8FB1739F62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22236F8C-F904-447A-8E7E-C8D56D5B673F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n10_c1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "909103A0-1F5E-4587-8357-715412FFFE38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n10_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "066A3EE0-FEDD-4D77-8B8F-914838378D4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n12u_c1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9129F191-9999-4ECF-892F-0EA0363F79BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n12u_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821F157F-CFDE-4662-954F-C6B2FD53B373",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n12e_c1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA74206-AD82-4CA0-82EB-E2FA6854BFA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n12e_c1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6C48CD-4BC0-4355-969E-1C22A58D7FDF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n14u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "292D7A66-FCE7-466D-9910-4F968E7D157A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n14u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D811DE13-0D12-4CDC-B74A-B873817DC8B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n14u-b1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E42CE2E-9357-4E54-9503-3A00ADFF279F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n14u-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A0D00F-263F-4CFF-928D-6C39FD947A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n16_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D346B8AE-2E16-4AD8-8E32-212C206D6947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF90D44-4CD7-4166-A139-9F4A8D14F483",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n16u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E39DC19-6FB6-4498-9367-7856604DDD9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n16u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7227CEBF-FE58-4EB1-B679-9369DF2801A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n17u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9C64DD-8913-4DEC-BA85-538F2D4F5026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n17u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49D25115-DC83-4A67-8680-BC14BC40EFE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-n66u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "425A53CC-5FE1-4A5C-86E3-DF23672CFB77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-n66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB16A3-1D51-4FA9-8012-4008021772E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:dsl-ac750_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C429544-E8AA-44FE-8B2C-E7AE563A1435",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E54AD746-EEEE-4987-B343-36328D638398",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XEE (XML External Entity) en la caracter\u00edstica AiCloud en routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U y DSL-AC750 permiten que usuarios autenticados remotos lean archivos arbitrarios mediante un DTD manipulado en una petici\u00f3n (1) UPDATEACCOUNT o (2) PROPFIND."
}
],
"id": "CVE-2017-14699",
"lastModified": "2024-11-21T03:13:20.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-29T16:29:00.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-15887 (GCVE-0-2018-15887)
Vulnerability from cvelistv5 – Published: 2018-08-27 15:00 – Updated: 2024-08-05 10:10
VLAI?
Summary
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:10:04.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-27T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fakhrizulkifli.github.io/CVE-2018-15887.html",
"refsource": "MISC",
"url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15887",
"datePublished": "2018-08-27T15:00:00",
"dateReserved": "2018-08-26T00:00:00",
"dateUpdated": "2024-08-05T10:10:04.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14699 (GCVE-0-2017-14699)
Vulnerability from cvelistv5 – Published: 2018-01-29 16:00 – Updated: 2024-08-05 19:34
VLAI?
Summary
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-29T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/",
"refsource": "MISC",
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"name": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/",
"refsource": "CONFIRM",
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14699",
"datePublished": "2018-01-29T16:00:00",
"dateReserved": "2017-09-22T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14698 (GCVE-0-2017-14698)
Vulnerability from cvelistv5 – Published: 2018-01-29 16:00 – Updated: 2024-08-05 19:34
VLAI?
Summary
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-29T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/",
"refsource": "MISC",
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"name": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/",
"refsource": "CONFIRM",
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14698",
"datePublished": "2018-01-29T16:00:00",
"dateReserved": "2017-09-22T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15887 (GCVE-0-2018-15887)
Vulnerability from nvd – Published: 2018-08-27 15:00 – Updated: 2024-08-05 10:10
VLAI?
Summary
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:10:04.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-27T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fakhrizulkifli.github.io/CVE-2018-15887.html",
"refsource": "MISC",
"url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15887",
"datePublished": "2018-08-27T15:00:00",
"dateReserved": "2018-08-26T00:00:00",
"dateUpdated": "2024-08-05T10:10:04.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14699 (GCVE-0-2017-14699)
Vulnerability from nvd – Published: 2018-01-29 16:00 – Updated: 2024-08-05 19:34
VLAI?
Summary
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-29T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/",
"refsource": "MISC",
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"name": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/",
"refsource": "CONFIRM",
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14699",
"datePublished": "2018-01-29T16:00:00",
"dateReserved": "2017-09-22T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14698 (GCVE-0-2017-14698)
Vulnerability from nvd – Published: 2018-01-29 16:00 – Updated: 2024-08-05 19:34
VLAI?
Summary
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-29T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/",
"refsource": "MISC",
"url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
},
{
"name": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/",
"refsource": "CONFIRM",
"url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14698",
"datePublished": "2018-01-29T16:00:00",
"dateReserved": "2017-09-22T00:00:00",
"dateUpdated": "2024-08-05T19:34:39.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}