Information Disclosure Vulnerability in RT-AC88U by ASUS
CVE-2020-29656

7.5HIGH

Key Information:

Vendor: Asus
Status: Rt-ac88u Firmware
Vendor: CVE Published:; 9 December 2020

Summary

An information disclosure vulnerability affects the ASUS RT-AC88U Download Master service prior to version 3.1.0.108. This vulnerability allows unauthorized access to specific functionalities through direct access to a URL. By exploiting this flaw, attackers can access sensitive data and expose it to potential misuse. With a known public exploit making the attack relatively straightforward, it’s critical for users to update their firmware to the latest version to mitigate this risk.

References

https://vuldb.com/?id.165677

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2020
Vulnerability Reserved
Dec 9, 2020