CVE-2017-14699

 

  • Severity Score: 6.5 (CVSS v3)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.

*Credits: N/A
CVSS Scores
CVSS v3:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
CVSS v2:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-09-22 CVE Reserved
  • 2018-01-29 CVE Published
  • 2024-03-26 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Asus | Dsl-ac51 Firmware | -- | | Affected |
| in Asus | Dsl-ac51 | -- | | Safe |
| Asus | Dsl-ac52u Firmware | -- | | Affected |
| in Asus | Dsl-ac52u | -- | | Safe |
| Asus | Dsl-ac55u Firmware | -- | | Affected |
| in Asus | Dsl-ac55u | -- | | Safe |
| Asus | Dsl-n55u C1 Firmware | -- | | Affected |
| in Asus | Dsl-n55u C1 | -- | | Safe |
| Asus | Dsl-n55u D1 Firmware | -- | | Affected |
| in Asus | Dsl-n55u D1 | -- | | Safe |
| Asus | Dsl-ac56u Firmware | -- | | Affected |
| in Asus | Dsl-ac56u | -- | | Safe |
| Asus | Dsl-n10 C1 Firmware | -- | | Affected |
| in Asus | Dsl-n10 C1 | -- | | Safe |
| Asus | Dsl-n12u C1 Firmware | -- | | Affected |
| in Asus | Dsl-n12u C1 | -- | | Safe |
| Asus | Dsl-n12e C1 Firmware | -- | | Affected |
| in Asus | Dsl-n12e C1 | -- | | Safe |
| Asus | Dsl-n14u Firmware | -- | | Affected |
| in Asus | Dsl-n14u | -- | | Safe |
| Asus | Dsl-n14u-b1 Firmware | -- | | Affected |
| in Asus | Dsl-n14u-b1 | -- | | Safe |
| Asus | Dsl-n16 Firmware | -- | | Affected |
| in Asus | Dsl-n16 | -- | | Safe |
| Asus | Dsl-n16u Firmware | -- | | Affected |
| in Asus | Dsl-n16u | -- | | Safe |
| Asus | Dsl-n17u Firmware | -- | | Affected |
| in Asus | Dsl-n17u | -- | | Safe |
| Asus | Dsl-n66u Firmware | -- | | Affected |
| in Asus | Dsl-n66u | -- | | Safe |
| Asus | Dsl-ac750 Firmware | -- | | Affected |
| in Asus | Dsl-ac750 | -- | | Safe |