CVE-2017-14698 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2017-14698

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-29 Jan, 2018 | 16:29

Updated At-03 Oct, 2019 | 00:03

ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

ASUS (ASUSTeK Computer Inc.)

>>dsl-ac51_firmware>>-

cpe:2.3:o:asus:dsl-ac51_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-ac52u_firmware>>-

cpe:2.3:o:asus:dsl-ac52u_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-ac52u:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-ac55u_firmware>>-

cpe:2.3:o:asus:dsl-ac55u_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-ac55u:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n55u_c1_firmware>>-

cpe:2.3:o:asus:dsl-n55u_c1_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n55u_c1>>-

cpe:2.3:h:asus:dsl-n55u_c1:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n55u_d1_firmware>>-

cpe:2.3:o:asus:dsl-n55u_d1_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n55u_d1>>-

cpe:2.3:h:asus:dsl-n55u_d1:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-ac56u_firmware>>-

cpe:2.3:o:asus:dsl-ac56u_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-ac56u:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n10_c1_firmware>>-

cpe:2.3:o:asus:dsl-n10_c1_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n10_c1>>-

cpe:2.3:h:asus:dsl-n10_c1:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n12u_c1_firmware>>-

cpe:2.3:o:asus:dsl-n12u_c1_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n12u_c1>>-

cpe:2.3:h:asus:dsl-n12u_c1:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n12e_c1_firmware>>-

cpe:2.3:o:asus:dsl-n12e_c1_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n12e_c1>>-

cpe:2.3:h:asus:dsl-n12e_c1:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n14u_firmware>>-

cpe:2.3:o:asus:dsl-n14u_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-n14u:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n14u-b1_firmware>>-

cpe:2.3:o:asus:dsl-n14u-b1_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n14u-b1>>-

cpe:2.3:h:asus:dsl-n14u-b1:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n16_firmware>>-

cpe:2.3:o:asus:dsl-n16_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n16u_firmware>>-

cpe:2.3:o:asus:dsl-n16u_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-n16u:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n17u_firmware>>-

cpe:2.3:o:asus:dsl-n17u_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-n17u:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-n66u_firmware>>-

cpe:2.3:o:asus:dsl-n66u_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-n66u:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

>>dsl-ac750_firmware>>-

cpe:2.3:o:asus:dsl-ac750_firmware:-:*:*:*:*:*:*:*

ASUS (ASUSTeK Computer Inc.)

cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/	cve@mitre.org	Patch Vendor Advisory
https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/	cve@mitre.org	Broken Link