medium
6.5
CWE
611
Advisory Published
Updated

CVE-2017-14699: XEE

First published: Mon Jan 29 2018(Updated: )

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ASUS DSL-AC51 firmware
ASUS DSL-AC51
ASUS DSL-AC52U firmware
ASUS DSL-AC52U
ASUS DSL-AC55U firmware
ASUS DSL-AC55U
ASUS DSL-N55U C1 firmware
ASUS DSL-N55U C1
ASUS DSL-N55U D1 firmware
ASUS DSL-N55U D1
ASUS DSL-AC56U firmware
ASUS DSL-AC56U
ASUS DSL-N10 C1 firmware
ASUS DSL-N10 C1
ASUS DSL-N12U C1 firmware
ASUS DSL-N12U C1
ASUS DSL-N12E C1 firmware
ASUS DSL-N12E C1
ASUS DSL-N14U firmware
ASUS DSL-N14U firmware
ASUS DSL-N14U-B1 firmware
ASUS DSL-N14U-B1 firmware
ASUS DSL-N16 firmware
ASUS DSL-N16
ASUS DSL-N16U firmware
ASUS DSL-N16U firmware
ASUS DSL-N17U firmware
ASUS DSL-N17U firmware
ASUS DSL-N66U firmware
ASUS DSL-N66U
ASUS DSL-AC750
ASUS DSL-AC750 firmware

Remedy

https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2017-14699?

    CVE-2017-14699 is a vulnerability found in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers.

  • What is the severity of CVE-2017-14699?

    CVE-2017-14699 has a severity rating of 6.5 (Medium).

  • How does CVE-2017-14699 affect ASUS routers?

    CVE-2017-14699 affects ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers by making them vulnerable to XML external entity (XXE) attacks through the AiCloud feature.

  • Are ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers vulnerable to CVE-2017-14699?

    No, ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers are not vulnerable to CVE-2017-14699 as indicated by their respective CPE values.

  • How can I fix the CVE-2017-14699 vulnerability in my ASUS router?

    To fix the CVE-2017-14699 vulnerability, it is recommended to update the firmware of your ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, or DSL-AC750 router to the latest version available from the ASUS website.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203