Improper Access Control in ASUS RT-AC68U Router Firmware
CVE-2021-37315

9.1CRITICAL

Key Information:

Vendor: Asus
Status: Rt-ac68u Firmware
Vendor: CVE Published:; 3 February 2023

Summary

A vulnerability exists within the ASUS RT-AC68U router firmware, enabling remote attackers to exploit improper sanitation in COPY and MOVE operations. This misconfiguration permits unauthorized file writing, which could lead to further compromises of the system. Regular updates and proper configuration are essential to mitigate potential risks associated with this vulnerability.

References

https://robertchen.cc/blog/2021/03/31/asus-rce

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Jul 21, 2021