CVE-2017-15654 Information
Feb 14, 2021
cve
Description
Highly predictable session tokens in the HTTPd server in all current versions (= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Reference
http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html http://seclists.org/fulldisclosure/2018/Jan/63
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.3
Share on: