⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2017-6549

CWE-287Improper Authentication5 documents5 sources
Severity
8.8HIGH
EPSS
24.5%
top 3.88%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Asus Rt-ac53 Firmware
Timeline
PublishedMar 9
Latest updateMay 13

Description

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.38

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDasus/rt-ac53_firmware3.0.0.4.380.6038

🔴Vulnerability Details

3
GHSA
GHSA-8484-cmv2-p86m: Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U2022-05-13
CVEList
CVE-2017-6549: Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U2017-03-09
VulnCheck
ASUS rt-ac53_firmware Improper Authentication2017

💥Exploits & PoCs

1
Exploit-DB
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing2017-03-08
CVE-2017-6549 (HIGH CVSS 8.8) | Session hijack vulnerability in htt | cvebase.io