PT-2021-7656 · Asus · Asus Rt-Ac68U

Robert Chen · Published 2021-01-18 · Updated 2023-02-10 · CVE-2021-37316

CVSS v2.0

7.8 High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ASUS RT-AC68U router firmware versions prior to 3.0.0.4.386.41634

Description

The issue is related to a SQL injection vulnerability in the Cloud Disk feature of the ASUS RT-AC68U router firmware. This vulnerability allows remote attackers to view sensitive information, specifically via the /etc/shadow file. The vulnerability is due to inadequate protection of the SQL query structure.

Recommendations

For versions prior to 3.0.0.4.386.41634, update the firmware to version 3.0.0.4.386.41634 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cloud Disk feature until the update is applied. Avoid using the /etc/shadow file in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-01046
CVE-2021-37316

Affected Products

Asus Rt-Ac68U