Vulnerabilities > CVE-2020-35219 - Missing Authorization vulnerability in Asus Dsl-N17U Firmware 1.1.0.2

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

asus

CWE-862

critical

NVD

Published: 2021-01-04

Updated: 2021-07-21

Summary

The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings.

Vulnerable Configurations

Part	Description	Count
OS	Asus Asus DSL N17U Firmware 1.1.0.2	1
Hardware	Asus Asus DSL N17U -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://securityforeveryone.com/blog/asus-dsl-n17u-model-cve-2020-35219
https://www.asus.com/Networking-IoT-Servers/Modem-LTE-Routers/All-series/DSL-N16/HelpDesk_BIOS/