JSONP Information Disclosure in ASUS Network Devices
CVE-2017-5892

7.5HIGH

Key Information:

Vendor: Asus
Status: Rt-ac1750 Firmware
Vendor: CVE Published:; 10 May 2017

What is CVE-2017-5892?

Certain ASUS RT-AC and RT-N series routers with firmware prior to version 3.0.0.4.380.7378 exhibit a vulnerability that allows attackers to exploit JSONP functionality. This exploit facilitates unauthorized information disclosure, including sensitive data such as network maps, potentially compromising the security of the device and the network it protects.

References

https://wwws.nightwatchcybersecurity.com/2017/05/09/multi...

x_refsource_MISC

https://www.asus.com/support/Download/11/2/0/161/45/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2017
Vulnerability Reserved
Feb 6, 2017

Asus

What is CVE-2017-5892?

References

CVSS V3.1

Timeline