CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12593
https://notcve.org/view.php?id=CVE-2017-12593
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. Los dispositivos ASUS DSL-N10S V2.1.16_APAC permiten que se realicen ataques de tipo Cross-Site Request Forgery (CSRF). • https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12592
https://notcve.org/view.php?id=CVE-2017-12592
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. Los dispositivos ASUS DSL-N10S V2.1.16_APAC tienen una vulnerabilidad de escalado de privilegios. Un usuario normal podría escalar sus privilegios y llevar a cabo acciones administrativas. • https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12591
https://notcve.org/view.php?id=CVE-2017-12591
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. Los dispositivos ASUS DSL-N10S V2.1.16_APAC reflejan una vulnerabilidad de Cross-Site Scripting (XSS), tal y como se puede ver en el parámetro snmpSysName. • https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8878
https://notcve.org/view.php?id=CVE-2017-8878
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. Dispositivos ASUS RT-AC* y RT-N* con firmwares anteriores a 3.0.0.4.380.7378 permiten a usuarios remotos no autenticados descubrir la contraseña de WIFI a través de WPS_info.xml • https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8877
https://notcve.org/view.php?id=CVE-2017-8877
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. Dispositivos ASUS RT-AC* y RT-N* con firmware 3.0.0.4.380.7378 y anteriores permiten obtener información JSONP como el SSID. • https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •