Login Sign Up

CVE-2017-14698

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows remote attackers to change passwords of arbitrary users on affected ASUS routers via the http_passwd parameter to mod_login.asp. Attackers can gain unauthorized administrative access without authentication. All users of the listed ASUS router models are affected.

💻 Affected Systems

Products:
  • ASUS DSL-AC51
  • DSL-AC52U
  • DSL-AC55U
  • DSL-N55U C1
  • DSL-N55U D1
  • DSL-AC56U
  • DSL-N10_C1
  • DSL-N12U C1
  • DSL-N12E C1
  • DSL-N14U
  • DSL-N14U-B1
  • DSL-N16
  • DSL-N16U
  • DSL-N17U
  • DSL-N66U
  • DSL-AC750
Versions: All firmware versions prior to patched releases
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web administration interface of these routers. Remote administration must be enabled for internet exploitation.

📦 What is this software?

Dsl Ac51 Firmware by Asus

View all CVEs affecting Dsl Ac51 Firmware →

Dsl Ac52u Firmware by Asus

View all CVEs affecting Dsl Ac52u Firmware →

Dsl Ac55u Firmware by Asus

View all CVEs affecting Dsl Ac55u Firmware →

Dsl Ac56u Firmware by Asus

View all CVEs affecting Dsl Ac56u Firmware →

Dsl Ac750 Firmware by Asus

View all CVEs affecting Dsl Ac750 Firmware →

Dsl N10 C1 Firmware by Asus

View all CVEs affecting Dsl N10 C1 Firmware →

Dsl N12e C1 Firmware by Asus

View all CVEs affecting Dsl N12e C1 Firmware →

Dsl N12u C1 Firmware by Asus

View all CVEs affecting Dsl N12u C1 Firmware →

Dsl N14u B1 Firmware by Asus

View all CVEs affecting Dsl N14u B1 Firmware →

Dsl N14u Firmware by Asus

View all CVEs affecting Dsl N14u Firmware →

Dsl N16 Firmware by Asus

View all CVEs affecting Dsl N16 Firmware →

Dsl N16u Firmware by Asus

View all CVEs affecting Dsl N16u Firmware →

Dsl N17u Firmware by Asus

View all CVEs affecting Dsl N17u Firmware →

Dsl N55u C1 Firmware by Asus

View all CVEs affecting Dsl N55u C1 Firmware →

Dsl N55u D1 Firmware by Asus

View all CVEs affecting Dsl N55u D1 Firmware →

Dsl N66u Firmware by Asus

View all CVEs affecting Dsl N66u Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attackers to change admin credentials, intercept all network traffic, install malware, and use the router as a pivot point into the internal network.

🟠

Likely Case

Attackers gain administrative access to the router, enabling them to change DNS settings, intercept traffic, and potentially compromise connected devices.

🟢

If Mitigated

With proper network segmentation and firewall rules, impact is limited to the router itself, though attackers could still disrupt network connectivity.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to remote attackers.
🏢 Internal Only: LOW - This vulnerability requires access to the router's web interface, which is typically only accessible from the internal network or WAN side.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST request to mod_login.asp with crafted http_passwd parameter. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check ASUS support site for each model's latest firmware

Vendor Advisory: https://www.asus.com/support/

Restart Required: Yes

Instructions:

1. Visit ASUS support site for your router model. 2. Download latest firmware. 3. Log into router admin panel. 4. Navigate to Administration > Firmware Upgrade. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Administration

all

Prevents exploitation from internet by disabling remote access to router admin interface

Restrict Admin Interface Access

all

Limit access to router admin interface to specific IP addresses or MAC addresses

🧯 If You Can't Patch

  • Replace affected routers with patched or different models
  • Place router behind another firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version against latest available on ASUS support site. If not latest, assume vulnerable.

Check Version:

Log into router admin interface and check Firmware Version in System Status or similar section

Verify Fix Applied:

Verify firmware version matches latest patched version from ASUS. Test that password change requires proper authentication.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful password change
  • HTTP POST requests to mod_login.asp with http_passwd parameter

Network Indicators:

  • Unusual HTTP traffic to router admin interface from external IPs
  • DNS configuration changes without authorized changes

SIEM Query:

source="router_logs" AND (uri="/mod_login.asp" OR method="POST" AND uri CONTAINS "login")

📊 Metadata

CVE ID: CVE-2017-14698
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Published: January 29, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-14698, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2019-1867 10.0

This vulnerability allows unauthenticated remote attackers to bypass authentication on Cisco Elastic...

Same vulnerability type (CWE-287)