CVE-2020-15498

CWE-295Improper Certificate Validation3 documents3 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 71.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Rt-ac1900p Firmware
Timeline
PublishedAug 26
Latest updateMay 24

Description

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

NVDasus/rt-ac1900p_firmware< 3.0.0.4.385.20253

🔴Vulnerability Details

2
GHSA
GHSA-r3jr-p57g-fw5f: An issue was discovered on ASUS RT-AC1900P routers before 32022-05-24
CVEList
CVE-2020-15498: An issue was discovered on ASUS RT-AC1900P routers before 32020-08-26
CVE-2020-15498 (MEDIUM CVSS 5.9) | An issue was discovered on ASUS RT- | cvebase.io