CSRF Vulnerabilities in ASUS RT-AC and RT-N Series Routers
CVE-2017-5891

8.8HIGH

Key Information:

Vendor: Asus
Status: Rt-ac1750 Firmware
Vendor: CVE Published:; 10 May 2017

Summary

ASUS RT-AC and RT-N series routers exhibit vulnerabilities that allow attackers to exploit Cross-Site Request Forgery (CSRF) on critical functions such as the login page and settings-saving capabilities. If users access a malicious website, an attacker could send unauthorized commands to these routers, potentially resulting in altered settings or unauthorized configuration changes. Users are strongly advised to update their firmware to the latest version to mitigate exposure to these vulnerabilities.

References

https://wwws.nightwatchcybersecurity.com/2017/05/09/multi...

x_refsource_MISC

https://www.asus.com/support/Download/11/2/0/161/45/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2017
Vulnerability Reserved
Feb 6, 2017