FKIE_CVE-2017-14699

Vulnerability from fkie_nvd - Published: 2018-01-29 16:29 - Updated: 2024-11-21 03:13
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
References
cve@mitre.orghttps://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/Patch, Vendor Advisory
cve@mitre.orghttps://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/Broken Link
af854a3a-2127-422b-91ae-364da2661108https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/Broken Link
Impacted products
Vendor Product Version
asus dsl-ac51_firmware -
asus dsl-ac51 -
asus dsl-ac52u_firmware -
asus dsl-ac52u -
asus dsl-ac55u_firmware -
asus dsl-ac55u -
asus dsl-n55u_c1_firmware -
asus dsl-n55u_c1 -
asus dsl-n55u_d1_firmware -
asus dsl-n55u_d1 -
asus dsl-ac56u_firmware -
asus dsl-ac56u -
asus dsl-n10_c1_firmware -
asus dsl-n10_c1 -
asus dsl-n12u_c1_firmware -
asus dsl-n12u_c1 -
asus dsl-n12e_c1_firmware -
asus dsl-n12e_c1 -
asus dsl-n14u_firmware -
asus dsl-n14u -
asus dsl-n14u-b1_firmware -
asus dsl-n14u-b1 -
asus dsl-n16_firmware -
asus dsl-n16 -
asus dsl-n16u_firmware -
asus dsl-n16u -
asus dsl-n17u_firmware -
asus dsl-n17u -
asus dsl-n66u_firmware -
asus dsl-n66u -
asus dsl-ac750_firmware -
asus dsl-ac750 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-ac51_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "606B05F7-7697-407B-923D-DB9125C9E9D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC348F1-6C46-4637-A27F-D69DD1AC77F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-ac52u_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA9A9BD5-BCE8-4DBC-B615-AAF9CEE2C8AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-ac52u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CC5443-8FEE-4BDB-B775-A1C7CE0021A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-ac55u_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB82EB29-4348-48B3-92E9-59AF27041069",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-ac55u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84685B17-E252-4519-B857-81717DD21CE7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n55u_c1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E4F8FC8-B153-45AA-A70A-4AF23C171FB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n55u_c1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ABC6E2A-73FE-42E1-A8D5-08B894C39AA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n55u_d1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C84C544-1C39-4936-B49C-6C01622FD620",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n55u_d1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AF8875-4CCB-4C9E-9056-DEC84168B762",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-ac56u_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD2953F9-5E62-4508-9434-4A8FB1739F62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-ac56u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22236F8C-F904-447A-8E7E-C8D56D5B673F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n10_c1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "909103A0-1F5E-4587-8357-715412FFFE38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n10_c1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "066A3EE0-FEDD-4D77-8B8F-914838378D4A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n12u_c1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9129F191-9999-4ECF-892F-0EA0363F79BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n12u_c1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "821F157F-CFDE-4662-954F-C6B2FD53B373",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n12e_c1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CA74206-AD82-4CA0-82EB-E2FA6854BFA7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n12e_c1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6C48CD-4BC0-4355-969E-1C22A58D7FDF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n14u_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "292D7A66-FCE7-466D-9910-4F968E7D157A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n14u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D811DE13-0D12-4CDC-B74A-B873817DC8B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n14u-b1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E42CE2E-9357-4E54-9503-3A00ADFF279F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n14u-b1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A0D00F-263F-4CFF-928D-6C39FD947A6B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n16_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D346B8AE-2E16-4AD8-8E32-212C206D6947",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDF90D44-4CD7-4166-A139-9F4A8D14F483",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n16u_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E39DC19-6FB6-4498-9367-7856604DDD9D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n16u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7227CEBF-FE58-4EB1-B679-9369DF2801A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n17u_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C9C64DD-8913-4DEC-BA85-538F2D4F5026",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n17u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D25115-DC83-4A67-8680-BC14BC40EFE6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-n66u_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "425A53CC-5FE1-4A5C-86E3-DF23672CFB77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-n66u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4CB16A3-1D51-4FA9-8012-4008021772E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:dsl-ac750_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C429544-E8AA-44FE-8B2C-E7AE563A1435",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54AD746-EEEE-4987-B343-36328D638398",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XEE (XML External Entity) en la caracter\u00edstica AiCloud en routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U y DSL-AC750 permiten que usuarios autenticados remotos lean archivos arbitrarios mediante un DTD manipulado en una petici\u00f3n (1) UPDATEACCOUNT o (2) PROPFIND."
    }
  ],
  "id": "CVE-2017-14699",
  "lastModified": "2024-11-21T03:13:20.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-29T16:29:00.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.