CVE-2021-37315

Name of the Vulnerable Software and Affected Versions ASUS RT-AC68U router firmware versions prior to 3.0.0.4.386.41634

Description The issue is related to an Incorrect Access Control problem in the Cloud Disk feature of the ASUS RT-AC68U router firmware. This problem allows remote attackers to write arbitrary files to the system due to improper sanitation of the source for COPY and MOVE operations. The vulnerability exists because of incomplete cleanup of temporary resources, which can be exploited by a remote attacker to record arbitrary files in the system.

Recommendations For versions prior to 3.0.0.4.386.41634, update the firmware to version 3.0.0.4.386.41634 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cloud Disk feature until the update is applied. Avoid using the COPY and MOVE operations in the Cloud Disk feature until the issue is resolved.