PT-2023-12309 · Asus · Asus Rt-Ac68U

Robert Chen

Publicado

2023-02-03

Atualizado

2023-02-13

CVE-2021-37317

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASUS RT-AC68U router firmware versions prior to 3.0.0.4.386.41634

Description The issue allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. This is due to a Directory Traversal vulnerability in Cloud Disk.

Recommendations For versions prior to 3.0.0.4.386.41634, update the firmware to version 3.0.0.4.386.41634 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cloud Disk feature until the update is applied.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2021-37317

Produtos afetados

Asus Rt-Ac68U

PT-2023-12309 · Asus · Asus Rt-Ac68U

CVE-2021-37317

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4