4 matches found
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...
CVE-2017-15654
CVE-2017-15654 affects AsusWRT's HTTPd in Asus routers (versions up to 3.0.0.4.380.7743). The vulnerability stems from highly predictable session tokens generated by reseeding the RNG with time(), enabling an attacker to infer or guess a valid administrator session and gain router admin access. C...
Multiple vulnerabilities in all versions of ASUS routers
1 ASUSWRT 3.0.0.4.376 - multiple vulnerabilities in httpd server all versions of AsusWRT at the time of report to vendor, for previous 376 version see next section 1. Highly predictable session tokens The session token is generated for an authenticated user using stdlib rand function. The token...