
CVE-2017-6549

Published: 09/03/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 936
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware prior to 3.0.0.4.380.7378; RT-AC68W routers with firmware prior to 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware prior to 3.0.0.4.380.9488; and Asuswrt-Merlin firmware prior to 380.65_2 allows remote malicious users to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.

Vulnerable Product

asus rt-ac53_firmware 3.0.0.4.380.6038

Exploits

Session Stealing
Component: httpd
CVE: CVE-2017-6549
Vulnerability: httpd uses the function search_token_in_list to validate if a user is logged into the admin interface by checking his asus_token value. There seems to be a branch which could be a failed attempt to build in a logout functionality. asus_token_t* search_token_in_list(char* token ...
This NSE script for Nmap exploits a session hijacking vulnerability in ASUS WRT ...

Github Repositories

👨🏽‍💻 Session steal an E1200 Linksys router

asus-router-session-steal

Wrote my own Metasploit module to session steal my old router and change the password. Works by stealing an active admin session and is related to the CVE-2017-6549 vulnerability.

Instructions

Move the rb file to /usr/share/metasploit-framework/modules/exploit/linux/http

Run the following commands after moving:

msfconsole
use exploit/linux/http/session_
