9.8

CVE-2017-14698

ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.

Data is provided by the National Vulnerability Database (NVD)
AsusDsl-ac51 Firmware Version-
   AsusDsl-ac51 Version-
AsusDsl-ac52u Firmware Version-
   AsusDsl-ac52u Version-
AsusDsl-ac55u Firmware Version-
   AsusDsl-ac55u Version-
AsusDsl-n55u C1 Firmware Version-
   AsusDsl-n55u C1 Version-
AsusDsl-n55u D1 Firmware Version-
   AsusDsl-n55u D1 Version-
AsusDsl-ac56u Firmware Version-
   AsusDsl-ac56u Version-
AsusDsl-n10 C1 Firmware Version-
   AsusDsl-n10 C1 Version-
AsusDsl-n12u C1 Firmware Version-
   AsusDsl-n12u C1 Version-
AsusDsl-n12e C1 Firmware Version-
   AsusDsl-n12e C1 Version-
AsusDsl-n14u Firmware Version-
   AsusDsl-n14u Version-
AsusDsl-n14u-b1 Firmware Version-
   AsusDsl-n14u-b1 Version-
AsusDsl-n16 Firmware Version-
   AsusDsl-n16 Version-
AsusDsl-n16u Firmware Version-
   AsusDsl-n16u Version-
AsusDsl-n17u Firmware Version-
   AsusDsl-n17u Version-
AsusDsl-n66u Firmware Version-
   AsusDsl-n66u Version-
AsusDsl-ac750 Firmware Version-
   AsusDsl-ac750 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.45% 0.628
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.