CVE-2017-14698

CRITICAL

ASUS DSL Router Firmware - Unauthenticated Password Change via http_passwd Parameter

Title source: llm

Description

ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.

References (2)

Core 2

Core References

Broken Link x_refsource_misc

https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/

Patch, Vendor Advisory x_refsource_confirm

https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/

Scores

CVSS v3 9.8

EPSS 0.0045

EPSS Percentile 63.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (16)

asus/dsl-ac51_firmware

asus/dsl-ac52u_firmware

asus/dsl-ac55u_firmware

asus/dsl-ac56u_firmware

asus/dsl-ac750_firmware

asus/dsl-n10_c1_firmware

asus/dsl-n12e_c1_firmware

asus/dsl-n12u_c1_firmware

asus/dsl-n14u-b1_firmware

asus/dsl-n14u_firmware

... and 6 more

Published Jan 29, 2018

Tracked Since Feb 18, 2026