// For flags

CVE-2020-35219

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings.

El módem ASUS DSL-N17U con versiones de firmware 1.1.0.2, permite a atacantes acceder a la interfaz de administración al cambiar la contraseña de administrador sin autenticación por medio de una petición POST para el archivo Advanced_System_Content.asp con las subcadenas uiViewTools_username=admin&uiViewTools_Password= y uiViewTools_PasswordConfirm=.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-12-13 CVE Reserved
  • 2021-01-04 CVE Published
  • 2023-09-20 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Asus
Search vendor "Asus"
 Dsl-n17u Firmware
Search vendor "Asus" for product "Dsl-n17u Firmware"
 1.1.0.2
Search vendor "Asus" for product "Dsl-n17u Firmware" and version "1.1.0.2"
-
Affected
in Asus
Search vendor "Asus"
 Dsl-n17u
Search vendor "Asus" for product "Dsl-n17u"
--
Safe