CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12593
https://notcve.org/view.php?id=CVE-2017-12593
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. Los dispositivos ASUS DSL-N10S V2.1.16_APAC permiten que se realicen ataques de tipo Cross-Site Request Forgery (CSRF). • https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12592
https://notcve.org/view.php?id=CVE-2017-12592
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. Los dispositivos ASUS DSL-N10S V2.1.16_APAC tienen una vulnerabilidad de escalado de privilegios. Un usuario normal podría escalar sus privilegios y llevar a cabo acciones administrativas. • https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12591
https://notcve.org/view.php?id=CVE-2017-12591
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. Los dispositivos ASUS DSL-N10S V2.1.16_APAC reflejan una vulnerabilidad de Cross-Site Scripting (XSS), tal y como se puede ver en el parámetro snmpSysName. • https://iscouncil.blogspot.com/2017/08/multiple-vulnerabilities-in-asus.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •