CVE-2017-14698
https://notcve.org/view.php?id=CVE-2017-14698
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. Los routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U y DSL-AC750 permiten que atacantes remotos cambien las contraseñas de usuarios arbitrarios mediante el parámetro http_passwd en mod_login.asp. • https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers • CWE-287: Improper Authentication •
CVE-2018-5999 – AsusWRT LAN - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-5999
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. Se ha descubierto un problema en versiones anteriores a la 3.0.0.4.384_10007 de AsusWRT. En la función handle_request en router/httpd/httpd.c, el procesamiento de peticiones POST continúa incluso aunque falle la autenticación. AsusWRT Router versions prior to 3.0.0.4.380.7743 suffer from an unauthenticated LAN remote code execution vulnerability. • https://www.exploit-db.com/exploits/44176 https://www.exploit-db.com/exploits/43881 https://blogs.securiteam.com/index.php/archives/3589 https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb https://raw.githubusercontent.com/pedrib/PoC/master/advisories/asuswrt-lan-rce.txt https://seclists.org/fulldisclosure/2018/Jan/78 •
CVE-2018-6000 – AsusWRT LAN - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. Se ha descubierto un problema en versiones anteriores a la 3.0.0.4.384_10007 de AsusWRT. La función do_vpnupload_post en router/httpd/web.c en vpnupload.cgi proporciona funcionalidades para establecer valores de configuración NVRAM, lo que permite que atacantes establezcan la contraseña de administrador e inicien un demonio SSH (o permitan el modo de comandos infosvr) y, en consecuencia, obtengan acceso remoto administrativo mediante una petición manipulada. • https://www.exploit-db.com/exploits/44176 https://www.exploit-db.com/exploits/43881 https://blogs.securiteam.com/index.php/archives/3589 https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb https://raw.githubusercontent.com/pedrib/PoC/master/advisories/asuswrt-lan-rce.txt https://seclists.org/fulldisclosure/2018/Jan/78 • CWE-862: Missing Authorization •
CVE-2017-15654 – ASUSWRT 3.0.0.4.382.18495 Session Hijacking / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. Los tokens de sesión altamente predecibles en el servidor HTTPd en todas las versiones actuales (iguales o inferiores a 3.0.0.4.380.7743) de Asus asuswrt permiten obtener acceso administrativo al router. ASUSWRT versions 3.0.0.4.382.18495 and below suffer from predictable session tokens, failed IP validation, plain text password storage, and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html http://seclists.org/fulldisclosure/2018/Jan/63 • CWE-330: Use of Insufficiently Random Values •
CVE-2017-15653 – ASUSWRT 3.0.0.4.382.18495 Session Hijacking / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. La validación indebida de la IP del administrador tras iniciar sesión en el servidor HTTPd en todas las versiones actuales (iguales o inferiores a 3.0.0.4.380.7743) de Asus asuswrt permite que un usuario no autorizado ejecute cualquier acción conociendo el token de administrador mediante el uso de una cadena User-Agent específica. ASUSWRT versions 3.0.0.4.382.18495 and below suffer from predictable session tokens, failed IP validation, plain text password storage, and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html http://seclists.org/fulldisclosure/2018/Jan/63 • CWE-613: Insufficient Session Expiration •