CVE-2017-14699: XEE

First published: Mon Jan 29 2018(Updated: )

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/severity
• agent/weakness
• agent/references
• agent/author
• agent/type
• agent/event
• agent/description
• agent/remedy
• agent/softwarecombine
• agent/last-modified-date
• agent/first-publish-date
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/asus
• canonical/asus dsl-ac51 firmware
• canonical/asus dsl-ac51
• canonical/asus dsl-ac52u firmware
• canonical/asus dsl-ac52u
• canonical/asus dsl-ac55u firmware
• canonical/asus dsl-ac55u
• canonical/asus dsl-n55u c1 firmware
• canonical/asus dsl-n55u c1
• canonical/asus dsl-n55u d1 firmware
• canonical/asus dsl-n55u d1
• canonical/asus dsl-ac56u firmware
• canonical/asus dsl-ac56u
• canonical/asus dsl-n10 c1 firmware
• canonical/asus dsl-n10 c1
• canonical/asus dsl-n12u c1 firmware
• canonical/asus dsl-n12u c1
• canonical/asus dsl-n12e c1 firmware
• canonical/asus dsl-n12e c1
• canonical/asus dsl-n14u firmware
• canonical/asus dsl-n14u
• canonical/asus dsl-n14u-b1 firmware
• canonical/asus dsl-n14u-b1
• canonical/asus dsl-n16 firmware
• canonical/asus dsl-n16
• canonical/asus dsl-n16u firmware
• canonical/asus dsl-n16u
• canonical/asus dsl-n17u firmware
• canonical/asus dsl-n17u
• canonical/asus dsl-n66u firmware
• canonical/asus dsl-n66u
• canonical/asus dsl-ac750 firmware
• canonical/asus dsl-ac750