Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-14699

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.

Published

2018-01-29T16:29:00.357

Last Modified

2024-11-21T03:13:20.940

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	asus	dsl-ac51_firmware	-	Yes
Hardware	asus	dsl-ac51	-	No
Operating System	asus	dsl-ac52u_firmware	-	Yes
Hardware	asus	dsl-ac52u	-	No
Operating System	asus	dsl-ac55u_firmware	-	Yes
Hardware	asus	dsl-ac55u	-	No
Operating System	asus	dsl-n55u_c1_firmware	-	Yes
Hardware	asus	dsl-n55u_c1	-	No
Operating System	asus	dsl-n55u_d1_firmware	-	Yes
Hardware	asus	dsl-n55u_d1	-	No
Operating System	asus	dsl-ac56u_firmware	-	Yes
Hardware	asus	dsl-ac56u	-	No
Operating System	asus	dsl-n10_c1_firmware	-	Yes
Hardware	asus	dsl-n10_c1	-	No
Operating System	asus	dsl-n12u_c1_firmware	-	Yes
Hardware	asus	dsl-n12u_c1	-	No
Operating System	asus	dsl-n12e_c1_firmware	-	Yes
Hardware	asus	dsl-n12e_c1	-	No
Operating System	asus	dsl-n14u_firmware	-	Yes
Hardware	asus	dsl-n14u	-	No
Operating System	asus	dsl-n14u-b1_firmware	-	Yes
Hardware	asus	dsl-n14u-b1	-	No
Operating System	asus	dsl-n16_firmware	-	Yes
Hardware	asus	dsl-n16	-	No
Operating System	asus	dsl-n16u_firmware	-	Yes
Hardware	asus	dsl-n16u	-	No
Operating System	asus	dsl-n17u_firmware	-	Yes
Hardware	asus	dsl-n17u	-	No
Operating System	asus	dsl-n66u_firmware	-	Yes
Hardware	asus	dsl-n66u	-	No
Operating System	asus	dsl-ac750_firmware	-	Yes
Hardware	asus	dsl-ac750	-	No

References

https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/ Patch, Vendor Advisory ([email protected])
https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/ Broken Link ([email protected])
https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/ Broken Link (af854a3a-2127-422b-91ae-364da2661108)