CVE-2017-14699
Summary
| CVE | CVE-2017-14699 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-01-29 16:29:00 UTC |
| Updated | 2018-02-22 16:35:00 UTC |
| Description | Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. |
Risk And Classification
Problem Types: CWE-611
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Asus | Dsl-ac51 | - | All | All | All |
| Hardware | Asus | Dsl-ac51 | - | All | All | All |
| Operating System | Asus | Dsl-ac51 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-ac51 Firmware | - | All | All | All |
| Hardware | Asus | Dsl-ac52u | - | All | All | All |
| Hardware | Asus | Dsl-ac52u | - | All | All | All |
| Operating System | Asus | Dsl-ac52u Firmware | - | All | All | All |
| Operating System | Asus | Dsl-ac52u Firmware | - | All | All | All |
| Hardware | Asus | Dsl-ac55u | - | All | All | All |
| Hardware | Asus | Dsl-ac55u | - | All | All | All |
| Operating System | Asus | Dsl-ac55u Firmware | - | All | All | All |
| Operating System | Asus | Dsl-ac55u Firmware | - | All | All | All |
| Hardware | Asus | Dsl-ac56u | - | All | All | All |
| Hardware | Asus | Dsl-ac56u | - | All | All | All |
| Operating System | Asus | Dsl-ac56u Firmware | - | All | All | All |
| Operating System | Asus | Dsl-ac56u Firmware | - | All | All | All |
| Hardware | Asus | Dsl-ac750 | - | All | All | All |
| Hardware | Asus | Dsl-ac750 | - | All | All | All |
| Operating System | Asus | Dsl-ac750 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-ac750 Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n10 C1 | - | All | All | All |
| Hardware | Asus | Dsl-n10 C1 | - | All | All | All |
| Operating System | Asus | Dsl-n10 C1 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n10 C1 Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n12e C1 | - | All | All | All |
| Hardware | Asus | Dsl-n12e C1 | - | All | All | All |
| Operating System | Asus | Dsl-n12e C1 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n12e C1 Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n12u C1 | - | All | All | All |
| Hardware | Asus | Dsl-n12u C1 | - | All | All | All |
| Operating System | Asus | Dsl-n12u C1 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n12u C1 Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n14u | - | All | All | All |
| Hardware | Asus | Dsl-n14u | - | All | All | All |
| Hardware | Asus | Dsl-n14u-b1 | - | All | All | All |
| Hardware | Asus | Dsl-n14u-b1 | - | All | All | All |
| Operating System | Asus | Dsl-n14u-b1 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n14u-b1 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n14u Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n14u Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n16 | - | All | All | All |
| Hardware | Asus | Dsl-n16 | - | All | All | All |
| Hardware | Asus | Dsl-n16u | - | All | All | All |
| Hardware | Asus | Dsl-n16u | - | All | All | All |
| Operating System | Asus | Dsl-n16u Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n16u Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n16 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n16 Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n17u | - | All | All | All |
| Hardware | Asus | Dsl-n17u | - | All | All | All |
| Operating System | Asus | Dsl-n17u Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n17u Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n55u C1 | - | All | All | All |
| Hardware | Asus | Dsl-n55u C1 | - | All | All | All |
| Operating System | Asus | Dsl-n55u C1 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n55u C1 Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n55u D1 | - | All | All | All |
| Hardware | Asus | Dsl-n55u D1 | - | All | All | All |
| Operating System | Asus | Dsl-n55u D1 Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n55u D1 Firmware | - | All | All | All |
| Hardware | Asus | Dsl-n66u | - | All | All | All |
| Hardware | Asus | Dsl-n66u | - | All | All | All |
| Operating System | Asus | Dsl-n66u Firmware | - | All | All | All |
| Operating System | Asus | Dsl-n66u Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| - ||ASUS Global | CONFIRM | www.asus.com | Patch, Vendor Advisory |
| Some vulnerability in ASUS routers - Security Art Work | MISC | www.securityartwork.es | Broken Link |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.