CVE-2017-14698

Name of the Vulnerable Software and Affected Versions: ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10 C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers (affected versions not specified)

Description: The issue allows remote attackers to change passwords of arbitrary users via the http passwd parameter to the "mod login.asp" endpoint.

Recommendations: For all affected routers, as a temporary workaround, consider restricting access to the "mod login.asp" endpoint until a patch is available. Avoid using the http passwd parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.