The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings.
References
Link | Resource |
---|---|
https://securityforeveryone.com/blog/asus-dsl-n17u-model-cve-2020-35219 | Third Party Advisory |
https://www.asus.com/Networking-IoT-Servers/Modem-LTE-Routers/All-series/DSL-N16/HelpDesk_BIOS/ | Not Applicable Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-04T17:50:42
Updated: 2021-01-04T17:50:42
Reserved: 2020-12-13T00:00:00
Link: CVE-2020-35219
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-04T18:15:13.557
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-35219
JSON object: View
Redhat Information
No data.
CWE