First published: Thu Sep 13 2018(Updated: )
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Gt-ac5300 Firmware | <=3.0.0.4.384_32738 | |
ASUS GT-AC5300 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-17023 is a Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738.
CVE-2018-17023 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password.
CVE-2018-17023 has a severity score of 8.8 (high).
To fix CVE-2018-17023, update your router's firmware to a version higher than 3.0.0.4.384_32738.
You can find more information about CVE-2018-17023 at the following reference: https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/csrf_bypass_referer/ASUS%20GT-AC5300%20csrf%20bypass%20referer.MD