PT-2021-11733 · Asus · Asus Dsl-N17U

Published: 2021-01-04 · Updated: 2021-07-21 · CVE-2020-35219

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ASUS DSL-N17U modem version 1.1.0.2
Description: The issue allows attackers to access the admin interface without authentication by changing the admin password. This is achieved through a POST request to "Advanced System Content.asp" with specific substrings, including uiViewTools username, uiViewTools Password, and uiViewTools PasswordConfirm.
Recommendations: For version 1.1.0.2, as a temporary workaround, consider restricting access to the "Advanced System Content.asp" endpoint until a patch is available. Avoid using the uiViewTools username, uiViewTools Password, and uiViewTools PasswordConfirm substrings in the affected POST request until the issue is resolved.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2020-35219

Affected Products

Asus Dsl-N17U