CVE-2017-15654

Опубликовано: 31 янв. 2018

Источник: nvd

CVSS3: 8.3

CVSS2: 7.6

EPSS Низкий

Описание

Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.

Ссылки

http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Jan/63
Exploit
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Jan/63
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*

Версия до 3.0.0.4.380.7743 (включая)

EPSS

Процентиль: 76%

0.00951

Низкий

8.3 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-330

Связанные уязвимости

GHSA-xjwp-6c2p-p5mx