Remote Access Vulnerability in ASUS DSL-N17U Modem Firmware
CVE-2020-35219

9.8CRITICAL

Key Information:

Vendor: Asus
Status: Dsl-n17u Firmware
Vendor: CVE Published:; 4 January 2021

Summary

The ASUS DSL-N17U modem with firmware version 1.1.0.2 is susceptible to a vulnerability that allows unauthorized attackers to gain access to the admin interface by manipulating the admin password without the need for authentication. This is accomplished through a crafted POST request to the Advanced_System_Content.asp page, which can alter critical settings without user validation. If exploited, this vulnerability can lead to unauthorized control over the modem, potentially impacting the security of the network it manages.

References

https://www.asus.com/Networking-IoT-Servers/Modem-LTE-Rou...

x_refsource_MISC

https://securityforeveryone.com/blog/asus-dsl-n17u-model-...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2021
Vulnerability Reserved
Dec 13, 2020