CVE-2017-15654

CWE-3303 documents3 sources
Severity
8.3HIGH
EPSS
1.0%
top 23.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Asuswrt
Timeline
PublishedJan 31
Latest updateMay 13

Description

Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages1 packages

NVDasus/asuswrt3.0.0.4.380.7743

🔴Vulnerability Details

2
GHSA
GHSA-xjwp-6c2p-p5mx: Highly predictable session tokens in the HTTPd server in all current versions (<= 32022-05-13
CVEList
CVE-2017-15654: Highly predictable session tokens in the HTTPd server in all current versions (<= 32018-01-31
CVE-2017-15654 (HIGH CVSS 8.3) | Highly predictable session tokens i | cvebase.io