Vulnerability Details CVE-2017-14699
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2017-14699
-
cpe:2.3:h:asus:dsl-ac51:-
-
cpe:2.3:h:asus:dsl-ac52u:-
-
cpe:2.3:h:asus:dsl-ac55u:-
-
cpe:2.3:h:asus:dsl-ac56u:-
-
cpe:2.3:h:asus:dsl-ac750:-
-
cpe:2.3:h:asus:dsl-n10_c1:-
-
cpe:2.3:h:asus:dsl-n12e_c1:-
-
cpe:2.3:h:asus:dsl-n12u_c1:-
-
cpe:2.3:h:asus:dsl-n14u-b1:-
-
cpe:2.3:h:asus:dsl-n14u:-
-
cpe:2.3:h:asus:dsl-n16:-
-
cpe:2.3:h:asus:dsl-n16u:-
-
cpe:2.3:h:asus:dsl-n17u:-
-
cpe:2.3:h:asus:dsl-n55u_c1:-
-
cpe:2.3:h:asus:dsl-n55u_d1:-
-
cpe:2.3:h:asus:dsl-n66u:-
-
cpe:2.3:o:asus:dsl-ac51_firmware:-
-
cpe:2.3:o:asus:dsl-ac52u_firmware:-
-
cpe:2.3:o:asus:dsl-ac55u_firmware:-
-
cpe:2.3:o:asus:dsl-ac56u_firmware:-
-
cpe:2.3:o:asus:dsl-ac750_firmware:-
-
cpe:2.3:o:asus:dsl-n10_c1_firmware:-
-
cpe:2.3:o:asus:dsl-n12e_c1_firmware:-
-
cpe:2.3:o:asus:dsl-n12u_c1_firmware:-
-
cpe:2.3:o:asus:dsl-n14u-b1_firmware:-
-
cpe:2.3:o:asus:dsl-n14u_firmware:-
-
cpe:2.3:o:asus:dsl-n16_firmware:-
-
cpe:2.3:o:asus:dsl-n16u_firmware:-
-
cpe:2.3:o:asus:dsl-n17u_firmware:-
-
cpe:2.3:o:asus:dsl-n55u_c1_firmware:-
-
cpe:2.3:o:asus:dsl-n55u_d1_firmware:-
-
cpe:2.3:o:asus:dsl-n66u_firmware:-