2 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. Múltiples vulnerabilidades de XEE (XML External Entity) en la característica AiCloud en routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U y DSL-AC750 permiten que usuarios autenticados remotos lean archivos arbitrarios mediante un DTD manipulado en una petición (1) UPDATEACCOUNT o (2) PROPFIND. • https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0

ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. Los routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U y DSL-AC750 permiten que atacantes remotos cambien las contraseñas de usuarios arbitrarios mediante el parámetro http_passwd en mod_login.asp. • https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers • CWE-287: Improper Authentication •