#VU6511 Cross-site request forgery in Asus products - CVE-2017-5891 

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU6511

#VU6511 Cross-site request forgery in Asus products - CVE-2017-5891

Published: May 11, 2017 / Updated: May 12, 2017


Vulnerability identifier: #VU6511
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2017-5891
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RT-N600
RT-N300
RT-N66W
RT-N66U
RT-N66R
RT-N56U
RT-N16
RT-N12E
RT-N12+
RT-N12
RT-N11P
RT-AC5300
RT-AC3200
RT-AC3100
RT-AC1750
RT-AC1200
RT-AC88U
RT-AC87U
RT-AC87R
RT-AC68R
RT-AC68P
RT-AC68W
RT-AC66W
RT-AC68UF
RT-AC68U
RT-AC66U
RT-AC56U
RT-AC56S
RT-AC56R
RT-AC55U
RT-AC53
RT-AC52U B1
RT-AC51U
Software vendor:
Asus

Description

The vulnerability allows a remote attacker to perform CSRF attacks.

The vulnerability exists due to improper validation of the HTTP request origin. A remote attacker can create a specially specially crafted web page, trick the authenticated victim into visiting it, perform cross-site request forgery attack and hijack the authentication of unspecified victims.

Successful exploitation of the vulnerability may result in cross-site request forgery conducting.

Remediation

Update to version 3.0.0.4.380.7378 or later.

External links