var-201801-0538
Vulnerability from variot
Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. Asus asuswrt contains vulnerabilities related to certificate and password management. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. A plaintext password storage vulnerability exists in Asus asuswrt 3.0.0.4.380.7743 and earlier. An attacker could exploit the vulnerability to obtain password information. The HTTPd server is one of the HTTP servers
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0538", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "asuswrt", "scope": "lte", "trust": 1.0, "vendor": "asus", "version": "3.0.0.4.380.7743" }, { "model": "asuswrt", "scope": "lte", "trust": 0.8, "vendor": "asustek computer", "version": "3.0.0.4.380.7743" }, { "model": "asuswrt", "scope": "lte", "trust": 0.6, 
"vendor": "asus", "version": "\u003c=3.0.0.4.380.7743" }, { "model": "asuswrt", "scope": "eq", "trust": 0.6, "vendor": "asus", "version": "3.0.0.4.380.7743" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02921" }, { "db": "JVNDB", "id": "JVNDB-2017-012292" }, { "db": "CNNVD", "id": "CNNVD-201710-1108" }, { "db": "NVD", "id": "CVE-2017-15656" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:asus:asuswrt", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-012292" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Blazej Adamczyk", "sources": [ { "db": "PACKETSTORM", "id": "145921" } ], "trust": 0.1 }, "cve": "CVE-2017-15656", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": 
"PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2017-15656", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-02921", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-106500", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2017-15656", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-15656", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-15656", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-02921", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201710-1108", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-106500", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02921" }, { "db": "VULHUB", "id": "VHN-106500" }, { "db": "JVNDB", "id": 
"JVNDB-2017-012292" }, { "db": "CNNVD", "id": "CNNVD-201710-1108" }, { "db": "NVD", "id": "CVE-2017-15656" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Password are stored in plaintext in nvram in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt. Asus asuswrt Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. A plaintext password storage vulnerability exists in Asusasuswrt 3.0.0.4.380.7743 and earlier. An attacker could exploit the vulnerability to obtain password information. HTTPd server is one of the HTTP servers", "sources": [ { "db": "NVD", "id": "CVE-2017-15656" }, { "db": "JVNDB", "id": "JVNDB-2017-012292" }, { "db": "CNVD", "id": "CNVD-2018-02921" }, { "db": "VULHUB", "id": "VHN-106500" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-15656", "trust": 3.2 }, { "db": "PACKETSTORM", "id": "145921", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2017-012292", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201710-1108", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2018-02921", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-106500", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02921" }, { "db": "VULHUB", "id": "VHN-106500" }, { "db": "JVNDB", "id": "JVNDB-2017-012292" }, { "db": "PACKETSTORM", "id": "145921" }, { "db": 
"CNNVD", "id": "CNNVD-201710-1108" }, { "db": "NVD", "id": "CVE-2017-15656" } ] }, "id": "VAR-201801-0538", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-02921" }, { "db": "VULHUB", "id": "VHN-106500" } ], "trust": 1.3166666999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02921" } ] }, "last_update_date": "2024-11-23T22:30:32.262000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ASUSWRT", "trust": 0.8, "url": "https://www.asus.com/ASUSWRT/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-012292" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-522", "trust": 1.1 }, { "problemtype": "CWE-255", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-106500" }, { "db": "JVNDB", "id": "JVNDB-2017-012292" }, { "db": "NVD", "id": "CVE-2017-15656" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://seclists.org/fulldisclosure/2018/jan/63" }, { "trust": 1.7, 
"url": "http://packetstormsecurity.com/files/145921/asuswrt-3.0.0.4.382.18495-session-hijacking-information-disclosure.html" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15656" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15656" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15654" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15655" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15653" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02921" }, { "db": "VULHUB", "id": "VHN-106500" }, { "db": "JVNDB", "id": "JVNDB-2017-012292" }, { "db": "PACKETSTORM", "id": "145921" }, { "db": "CNNVD", "id": "CNNVD-201710-1108" }, { "db": "NVD", "id": "CVE-2017-15656" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-02921" }, { "db": "VULHUB", "id": "VHN-106500" }, { "db": "JVNDB", "id": "JVNDB-2017-012292" }, { "db": "PACKETSTORM", "id": "145921" }, { "db": "CNNVD", "id": "CNNVD-201710-1108" }, { "db": "NVD", "id": "CVE-2017-15656" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-07T00:00:00", "db": "CNVD", "id": "CNVD-2018-02921" }, { "date": "2018-01-31T00:00:00", "db": "VULHUB", "id": "VHN-106500" }, { "date": "2018-03-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-012292" }, { "date": "2018-01-16T04:44:44", "db": "PACKETSTORM", "id": "145921" }, { "date": "2017-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201710-1108" }, { "date": "2018-01-31T20:29:00.413000", "db": "NVD", "id": "CVE-2017-15656" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-07T00:00:00", "db": "CNVD", "id": 
"CNVD-2018-02921" }, { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-106500" }, { "date": "2018-03-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-012292" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201710-1108" }, { "date": "2024-11-21T03:14:58.350000", "db": "NVD", "id": "CVE-2017-15656" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201710-1108" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Asus asuswrt Vulnerabilities related to certificate and password management", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-012292" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201710-1108" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.