critical
9.8
CWE
287
Advisory Published
Updated

CVE-2017-14698

First published: Mon Jan 29 2018(Updated: )

ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Asus Dsl-ac51 Firmware
ASUS DSL-AC51
Asus Dsl-ac52u Firmware
Asus Dsl-ac52u
Asus Dsl-ac55u Firmware
Asus Dsl-ac55u
Asus Dsl-n55u C1 Firmware
Asus Dsl-n55u C1
Asus Dsl-n55u D1 Firmware
Asus Dsl-n55u D1
Asus Dsl-ac56u Firmware
Asus Dsl-ac56u
Asus Dsl-n10 C1 Firmware
Asus Dsl-n10 C1
Asus Dsl-n12u C1 Firmware
Asus Dsl-n12u C1
Asus Dsl-n12e C1 Firmware
Asus Dsl-n12e C1
Asus Dsl-n14u Firmware
Asus Dsl-n14u
Asus Dsl-n14u-b1 Firmware
Asus DSL-N14U-B1
Asus Dsl-n16 Firmware
Asus Dsl-n16
Asus Dsl-n16u Firmware
Asus Dsl-n16u
Asus Dsl-n17u Firmware
ASUS DSL-N17U
Asus Dsl-n66u Firmware
Asus Dsl-n66u
Asus Dsl-ac750 Firmware
Asus Dsl-ac750

Remedy

https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this ASUS router vulnerability?

    The vulnerability ID for this ASUS router vulnerability is CVE-2017-14698.

  • What is the severity of CVE-2017-14698?

    The severity of CVE-2017-14698 is critical with a score of 9.8.

  • Which ASUS router models are affected by CVE-2017-14698?

    ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers are affected by CVE-2017-14698.

  • How can remote attackers exploit CVE-2017-14698?

    Remote attackers can exploit CVE-2017-14698 by changing passwords of arbitrary users using the http_passwd parameter to mod_login.

  • Is there a fix available for CVE-2017-14698?

    Yes, you can find the fix for CVE-2017-14698 on ASUS' official website.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203