Home
CRITICAL: 9.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:HDefault status
unaffected
3.0.0.4_386 series (custom)
affected
3.0.0.4_388 series (custom)
affected
3.0.0.6_102 series (custom)
affected
Description
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for more information.
Problem types
CWE-354: Improper Validation of Integrity Check Value (4.20)
CWE-295: Improper Certificate Validation
Product status
3.0.0.4_386 series (custom)
3.0.0.4_388 series (custom)
3.0.0.6_102 series (custom)
References
www.asus.com/security-advisory/