SQL Injection Flaw in ASUS RT-AC68U Router Firmware
CVE-2021-37316

7.5HIGH

Key Information:

Vendor: Asus
Status: Rt-ac68u Firmware
Vendor: CVE Published:; 3 February 2023

What is CVE-2021-37316?

The ASUS RT-AC68U router has an SQL injection vulnerability in its Cloud Disk feature, present in firmware versions prior to 3.0.0.4.386.41634. This flaw allows remote attackers to execute unauthorized SQL queries, which can lead to the exposure of sensitive information, including user credentials stored in the /etc/shadow file. Such a compromise can significantly undermine the privacy and security of the users relying on this device for their network connectivity.

References

https://robertchen.cc/blog/2021/03/31/asus-rce

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Jul 21, 2021

Asus

What is CVE-2021-37316?

References

CVSS V3.1

Timeline