JSONP Information Disclosure in ASUS RT-AC and RT-N Routers
CVE-2017-8877

6.5MEDIUM

Key Information:

Vendor: Asus
Status: Rt-ac1750 Firmware
Vendor: CVE Published:; 10 May 2017

Summary

ASUS RT-AC and RT-N series routers running firmware versions up to 3.0.0.4.380.7378 are susceptible to a JSONP information disclosure vulnerability. This allows attackers to potentially access sensitive information, such as the service set identifier (SSID), which could be used to compromise network security. Users of affected devices should ensure they update their firmware to mitigate this risk.

References

https://wwws.nightwatchcybersecurity.com/2017/05/09/multi...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2017
Vulnerability Reserved
May 10, 2017