PT-2018-5961 · Asus · Asuswrt
Blazej Adamczyk
·
Published
2018-01-31
·
Updated
2019-10-03
·
CVE-2017-15654
CVSS v3.1
8.3
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Asus asuswrt versions prior to 3.0.0.4.380.7743
Description:
The issue concerns highly predictable session tokens in the HTTPd server, which can be exploited to gain administrative access to the router.
Recommendations:
For versions prior to 3.0.0.4.380.7743, update to a version that contains a fix for this issue to prevent gaining administrative router access.
Exploit
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asuswrt