PT-2023-12309 · Asus · Asus Rt-Ac68U

Robert Chen

Published

2023-02-03

Updated

2023-02-13

CVE-2021-37317

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASUS RT-AC68U router firmware versions prior to 3.0.0.4.386.41634

Description The issue allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. This is due to a Directory Traversal vulnerability in Cloud Disk.

Recommendations For versions prior to 3.0.0.4.386.41634, update the firmware to version 3.0.0.4.386.41634 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cloud Disk feature until the update is applied.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-37317

Affected Products

Asus Rt-Ac68U

PT-2023-12309 · Asus · Asus Rt-Ac68U

CVE-2021-37317

Weakness Enumeration

Related Identifiers

Affected Products

References · 4