6.5

CVE-2017-14699

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.

Data is provided by the National Vulnerability Database (NVD)
AsusDsl-ac51 Firmware Version-
   AsusDsl-ac51 Version-
AsusDsl-ac52u Firmware Version-
   AsusDsl-ac52u Version-
AsusDsl-ac55u Firmware Version-
   AsusDsl-ac55u Version-
AsusDsl-n55u C1 Firmware Version-
   AsusDsl-n55u C1 Version-
AsusDsl-n55u D1 Firmware Version-
   AsusDsl-n55u D1 Version-
AsusDsl-ac56u Firmware Version-
   AsusDsl-ac56u Version-
AsusDsl-n10 C1 Firmware Version-
   AsusDsl-n10 C1 Version-
AsusDsl-n12u C1 Firmware Version-
   AsusDsl-n12u C1 Version-
AsusDsl-n12e C1 Firmware Version-
   AsusDsl-n12e C1 Version-
AsusDsl-n14u Firmware Version-
   AsusDsl-n14u Version-
AsusDsl-n14u-b1 Firmware Version-
   AsusDsl-n14u-b1 Version-
AsusDsl-n16 Firmware Version-
   AsusDsl-n16 Version-
AsusDsl-n16u Firmware Version-
   AsusDsl-n16u Version-
AsusDsl-n17u Firmware Version-
   AsusDsl-n17u Version-
AsusDsl-n66u Firmware Version-
   AsusDsl-n66u Version-
AsusDsl-ac750 Firmware Version-
   AsusDsl-ac750 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.32% 0.54
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.