Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MISC:ASUS-DSL-PWRESET |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ASUS DSL Router Change Administrator Password |
Release Date |
2019/03/28 |
Update Number |
3157 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: ASUS DSL Router Change Administrator Password
This signature detects attempts to exploit a known vulnerability against ASUS DSL Router. A successful attack can lead to admin password reset.
Extended Description
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.
Affected Products
- Asus dsl-ac51_firmware -
- Asus dsl-ac52u_firmware -
- Asus dsl-ac55u_firmware -
- Asus dsl-ac56u_firmware -
- Asus dsl-ac750_firmware -
- Asus dsl-n10_c1_firmware -
- Asus dsl-n12e_c1_firmware -
- Asus dsl-n12u_c1_firmware -
- Asus dsl-n14u-b1_firmware -
- Asus dsl-n14u_firmware -
- Asus dsl-n16_firmware -
- Asus dsl-n16u_firmware -
- Asus dsl-n17u_firmware -
- Asus dsl-n55u_c1_firmware -
- Asus dsl-n55u_d1_firmware -
- Asus dsl-n66u_firmware -
References
- CVE: CVE-2017-14698