CVE-2024-3912 – ASUS Router - Upload arbitrary firmware
https://notcve.org/view.php?id=CVE-2024-3912
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.
• https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html
• https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2017-14699
https://notcve.org/view.php?id=CVE-2017-14699
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
• https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS
• https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2017-14698
https://notcve.org/view.php?id=CVE-2017-14698
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.
• https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS
• https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers
• CWE-287: Improper Authentication