CVE-2021-37315

CRITICAL

ASUS RT-AC68U <3.0.0.4.386.41634 - Info Disclosure

Title source: llm

Description

Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.

References (1)

[Exploit, Mitigation, Third Party Advisory] https://robertchen.cc/blog/2021/03/31/asus-rce

Scores

CVSS v3 9.1

EPSS 0.0104

EPSS Percentile 77.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-706

Status published

Affected Products (1)

asus/rt-ac68u_firmware < 3.0.0.4.386.41634

Timeline

Published Feb 03, 2023

Tracked Since Feb 18, 2026