Plaintext Password Storage in Asus Routers by ASUS
CVE-2017-15656

8.8HIGH

Key Information:

Vendor: Asus
Status: Asuswrt
Vendor: CVE Published:; 31 January 2018

Summary

A significant flaw in the Asuswrt firmware allows passwords to be stored in plaintext within the device's nvram. This vulnerability affects all versions up to 3.0.0.4.380.7743, potentially exposing sensitive information to unauthorized individuals accessing the HTTPd server. Users are urged to take immediate measures to secure their devices and keep their firmware up to date.

References

http://seclists.org/fulldisclosure/2018/Jan/63

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2018
Vulnerability Reserved
Oct 19, 2017