Remote Wi-Fi Password Exposure in ASUS Routers
CVE-2017-8878

6.5MEDIUM

Key Information:

Vendor: Asus
Status: Rt-ac1750 Firmware
Vendor: CVE Published:; 10 May 2017

What is CVE-2017-8878?

Certain ASUS RT-AC and RT-N routers with outdated firmware versions are vulnerable to a significant security flaw. This issue allows remote authenticated users to gain unauthorized access to the device's Wi-Fi password by manipulating the WPS_info.xml configuration file. This could lead to unauthorized network access, compromising the security of connected devices and sensitive information. It is crucial for users to upgrade their firmware to the latest version to mitigate this vulnerability.

References

https://wwws.nightwatchcybersecurity.com/2017/05/09/multi...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2017
Vulnerability Reserved
May 10, 2017

Asus

What is CVE-2017-8878?

References

CVSS V3.1

Timeline