Описание
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.0.4.380.7743 (включая)
cpe:2.3:a:asus:asuswrt:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00303
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-613
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
EPSS
Процентиль: 53%
0.00303
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-613