CVE-2017-14699 Information
Feb 14, 2021
cve
Description
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51 DSL-AC52U DSL-AC55U DSL-N55U C1 DSL-N55U D1 DSL-AC56U DSL-N10_C1 DSL-N12U C1 DSL-N12E C1 DSL-N14U DSL-N14U-B1 DSL-N16 DSL-N16U DSL-N17U DSL-N66U and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/ https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
6.5
Share on: