Details of VAR-201703-1111

ID

VAR-201703-1111

CVE

CVE-2017-6549

TITLE

ASUS RT-AC53 Run on device ASUSWRT of httpd Vulnerable to session hijacking

Trust: 0.8

sources: JVNDB: JVNDB-2017-002139

DESCRIPTION

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers. ASUSWRT is the ASUS router firmware. ASUSWRTRT-AC53 has a session stealing vulnerability. Asus ASUSWRT is prone to the following multiple security vulnerabilities. 1. A buffer-overflow vulnerability 2. A cross-site-scripting vulnerability. 3. A session-hijacking vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or steal cookie-based authentication credentials and gain unauthorized access. Failed exploit attempts will likely cause denial-of-service conditions. There is a session hijacking vulnerability in the httpd of ASUS ASUSWRT in RT-AC53 with firmware version 3.0.0.4.380.6038

Trust: 2.52

sources: NVD: CVE-2017-6549 // JVNDB: JVNDB-2017-002139 // CNVD: CNVD-2017-03113 // BID: 96938 // VULHUB: VHN-114752

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-03113

AFFECTED PRODUCTS

vendor:	asus	model:	rt-ac53	scope:	eq	version:	3.0.0.4.380.6038	Trust: 2.2
vendor:	asustek computer	model:	rt-ac53	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ac53	scope:	eq	version:	3.0.0.4.380.6038	Trust: 0.8
vendor:	asus	model:	asuswrt rt-ac53	scope:	eq	version:	3.0.0.4.380.6038	Trust: 0.3
vendor:	asus	model:	asuswrt rt-ac53	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2017-03113 // BID: 96938 // JVNDB: JVNDB-2017-002139 // CNNVD: CNNVD-201703-321 // NVD: CVE-2017-6549

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6549
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6549
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-03113
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-321
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114752
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6549
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-03113
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114752
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6549
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-03113 // VULHUB: VHN-114752 // JVNDB: JVNDB-2017-002139 // CNNVD: CNNVD-201703-321 // NVD: CVE-2017-6549

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-114752 // JVNDB: JVNDB-2017-002139 // NVD: CVE-2017-6549

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-321

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201703-321

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002139

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-114752

PATCH

title:

RT-AC53

url:

https://www.asus.com/us/Networking/RT-AC53/

Trust: 0.8

sources: JVNDB: JVNDB-2017-002139

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6549	Trust: 3.4
db:	EXPLOIT-DB	id:	41572	Trust: 2.3
db:	BID	id:	96938	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-002139	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-321	Trust: 0.7
db:	EXPLOITDB	id:	41572	Trust: 0.6
db:	CNVD	id:	CNVD-2017-03113	Trust: 0.6
db:	PACKETSTORM	id:	142065	Trust: 0.1
db:	VULHUB	id:	VHN-114752	Trust: 0.1

sources: CNVD: CNVD-2017-03113 // VULHUB: VHN-114752 // BID: 96938 // JVNDB: JVNDB-2017-002139 // CNNVD: CNNVD-201703-321 // NVD: CVE-2017-6549

REFERENCES

url:	https://bierbaumer.net/security/asuswrt/#session-stealing	Trust: 2.5
url:	https://www.exploit-db.com/exploits/41572/	Trust: 2.3
url:	http://www.securityfocus.com/bid/96938	Trust: 1.7
url:	https://asuswrt.lostrealm.ca/changelog	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6549	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6549	Trust: 0.8
url:	https://bierbaumer.net/security/asuswrt/#	Trust: 0.3
url:	https://www.asus.com/asuswrt/	Trust: 0.3

sources: CNVD: CNVD-2017-03113 // VULHUB: VHN-114752 // BID: 96938 // JVNDB: JVNDB-2017-002139 // CNNVD: CNNVD-201703-321 // NVD: CVE-2017-6549

CREDITS

bruno

Trust: 0.3

sources: BID: 96938

SOURCES

db:	CNVD	id:	CNVD-2017-03113
db:	VULHUB	id:	VHN-114752
db:	BID	id:	96938
db:	JVNDB	id:	JVNDB-2017-002139
db:	CNNVD	id:	CNNVD-201703-321
db:	NVD	id:	CVE-2017-6549

LAST UPDATE DATE

2024-11-23T21:07:37.841000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-03113	date:	2017-03-22T00:00:00
db:	VULHUB	id:	VHN-114752	date:	2019-10-03T00:00:00
db:	BID	id:	96938	date:	2017-03-23T00:01:00
db:	JVNDB	id:	JVNDB-2017-002139	date:	2017-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201703-321	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6549	date:	2024-11-21T03:30:00.243

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-03113	date:	2017-03-22T00:00:00
db:	VULHUB	id:	VHN-114752	date:	2017-03-09T00:00:00
db:	BID	id:	96938	date:	2017-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-002139	date:	2017-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201703-321	date:	2017-03-09T00:00:00
db:	NVD	id:	CVE-2017-6549	date:	2017-03-09T09:59:00.253