CVE-2017-14699

Name of the Vulnerable Software and Affected Versions: ASUS DSL-AC51 versions (affected versions not specified) ASUS DSL-AC52U versions (affected versions not specified) ASUS DSL-AC55U versions (affected versions not specified) ASUS DSL-N55U C1 versions (affected versions not specified) ASUS DSL-N55U D1 versions (affected versions not specified) ASUS DSL-AC56U versions (affected versions not specified) ASUS DSL-N10 C1 versions (affected versions not specified) ASUS DSL-N12U C1 versions (affected versions not specified) ASUS DSL-N12E C1 versions (affected versions not specified) ASUS DSL-N14U versions (affected versions not specified) ASUS DSL-N14U-B1 versions (affected versions not specified) ASUS DSL-N16 versions (affected versions not specified) ASUS DSL-N16U versions (affected versions not specified) ASUS DSL-N17U versions (affected versions not specified) ASUS DSL-N66U versions (affected versions not specified) ASUS DSL-AC750 versions (affected versions not specified)

Description: The issue concerns multiple XML external entity (XXE) vulnerabilities in the AiCloud feature of various ASUS routers. These vulnerabilities allow remote authenticated users to read arbitrary files via a crafted DTD in either an UPDATEACCOUNT or a PROPFIND request.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.