CVE-2017-14698 Information

Description

ASUS DSL-AC51 DSL-AC52U DSL-AC55U DSL-N55U C1 DSL-N55U D1 DSL-AC56U DSL-N10_C1 DSL-N12U C1 DSL-N12E C1 DSL-N14U DSL-N14U-B1 DSL-N16 DSL-N16U DSL-N17U DSL-N66U and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/ https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8