6.5
CVE-2017-14699
- EPSS 0.32%
- Veröffentlicht 29.01.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:13:20
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asus ≫ Dsl-ac51 Firmware Version-
Asus ≫ Dsl-ac52u Firmware Version-
Asus ≫ Dsl-ac55u Firmware Version-
Asus ≫ Dsl-n55u C1 Firmware Version-
Asus ≫ Dsl-n55u D1 Firmware Version-
Asus ≫ Dsl-ac56u Firmware Version-
Asus ≫ Dsl-n10 C1 Firmware Version-
Asus ≫ Dsl-n12u C1 Firmware Version-
Asus ≫ Dsl-n12e C1 Firmware Version-
Asus ≫ Dsl-n14u Firmware Version-
Asus ≫ Dsl-n14u-b1 Firmware Version-
Asus ≫ Dsl-n16 Firmware Version-
Asus ≫ Dsl-n16u Firmware Version-
Asus ≫ Dsl-n17u Firmware Version-
Asus ≫ Dsl-n66u Firmware Version-
Asus ≫ Dsl-ac750 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.54 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.