Sign-up

ID

VAR-201808-1088


TITLE

ASUS DSL N10 Verification Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-15521

DESCRIPTION

ASUSDSLN10 is a wired and wireless modem router. In the ASUSDSLN10C1 modem firmware version 1.1.2.2_17, the post data has the login_authorization parameter, which is used to authorize access to the management panel. The data of this parameter is not completely random. The attacker can use the old data or other device data access management panel.

Trust: 0.6

sources: CNVD: CNVD-2018-15521

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-15521

AFFECTED PRODUCTS

vendor:asusmodel:dsl n10 1.1.2.2 17scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-15521

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-15521
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2018-15521
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-15521

EXTERNAL IDS

db:EXPLOITALERTid:30622

Trust: 0.6

db:CNVDid:CNVD-2018-15521

Trust: 0.6

sources: CNVD: CNVD-2018-15521

REFERENCES

url:https://www.exploitalert.com/view-details.html?id=30622

Trust: 0.6

sources: CNVD: CNVD-2018-15521

SOURCES

db:CNVDid:CNVD-2018-15521

LAST UPDATE DATE

2022-05-17T01:57:39.729000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-15521date:2018-08-17T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-15521date:2018-08-17T00:00:00