First published: Wed Aug 26 2020(Updated: )
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Rt-ac1900p Firmware | <3.0.0.4.385.20253 | |
ASUS RT-AC1900P |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-15498 is a vulnerability found in ASUS RT-AC1900P routers before version 3.0.0.4.385_20253.
CVE-2020-15498 has a severity rating of 5.9, which is considered medium.
CVE-2020-15498 allows an arbitrary server certificate to be accepted for a firmware update, potentially leading to unauthorized access or malicious firmware installation.
ASUS RT-AC1900P routers before version 3.0.0.4.385_20253 are vulnerable to CVE-2020-15498.
To fix CVE-2020-15498, update the ASUS RT-AC1900P router to version 3.0.0.4.385_20253 or later.