3 matches found
CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...
CVE-2017-15653
CVE-2017-15653 concerns AsusWRT routers with the HTTPd web interface. It describes an improper administrator IP validation after login, allowing an unauthorized user who has a valid administrator session token to perform any action by sending a crafted User-Agent string. Affected versions are all...
Multiple vulnerabilities in all versions of ASUS routers
1 ASUSWRT 3.0.0.4.376 - multiple vulnerabilities in httpd server all versions of AsusWRT at the time of report to vendor, for previous 376 version see next section 1. Highly predictable session tokens The session token is generated for an authenticated user using stdlib rand function. The token...