CVE-2021-37317

9.1 CRITICAL

📋 TL;DR

This CVE describes a directory traversal vulnerability in ASUS RT-AC68U router's Cloud Disk feature that allows remote attackers to write arbitrary files via improper input sanitization in COPY and MOVE operations. Attackers can potentially achieve remote code execution by writing malicious files to sensitive locations. Users of affected ASUS router firmware versions are vulnerable.

💻 Affected Systems

Products:
  • ASUS RT-AC68U router
Versions: Firmware versions before 3.0.0.4.386.41634
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Cloud Disk feature to be enabled or accessible. Some configurations may have this disabled by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete router compromise, credential theft, network traffic interception, and lateral movement into connected devices.

🟠 Likely Case: File system manipulation allowing attackers to modify configuration files, install backdoors, or disrupt router functionality.

🟢 If Mitigated: Limited impact if the Cloud Disk feature is disabled or network access is restricted, though other attack vectors may still exist.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to the router's web interface or Cloud Disk service. Authentication status depends on specific configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.0.4.386.41634 and later

Vendor Advisory: https://www.asus.com/support/FAQ/1046354/

Restart Required: Yes

Instructions:

1. Log into the router web interface.
2. Navigate to Administration > Firmware Upgrade.
3. Check for updates or manually upload firmware version 3.0.0.4.386.41634 or later.
4. Apply the update and wait for the router to reboot.

🔧 Temporary Workarounds

Disable Cloud Disk (applies to: all)

Turn off the vulnerable Cloud Disk feature to prevent exploitation.

Navigate to USB Application > Cloud Disk in the router web interface and disable it.

Restrict Network Access (applies to: all)

Limit access to the router administration interface.

Configure firewall rules to restrict access to the router IP on ports 80/443.

🧯 If You Can't Patch

  • Disable Cloud Disk feature immediately
  • Implement network segmentation to isolate router from critical systems

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under Administration > Firmware Upgrade

Check Version:

Check router web interface or use: curl -s http://router-ip/Advanced_FirmwareUpgrade_Content.asp | grep firmware_version

Verify Fix Applied:

Confirm firmware version is 3.0.0.4.386.41634 or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual file operations in Cloud Disk logs
  • Multiple failed COPY/MOVE operations with path traversal patterns

Network Indicators:

  • HTTP requests to Cloud Disk endpoints with ../ sequences in parameters
  • Unusual traffic to router administration interface

SIEM Query:

source="router_logs" AND ("Cloud Disk" OR "COPY" OR "MOVE") AND ("../" OR "%2e%2e%2f")
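The log and network indicators above can be checked offline with a small script. The following is an added example, not code from the page or from ASUS: it parses a constructed access-log format (the `dest="..."` field and the `/cloud_disk/` paths are placeholders, not the router's real log layout or endpoints), decodes URL encoding, and flags COPY/MOVE requests whose request path or destination contains a `..` segment.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines; the format and the /cloud_disk/ paths are
# placeholders, not the router's real log layout or endpoints.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Aug/2021:10:00:00 +0000] "COPY /cloud_disk/docs/a.txt HTTP/1.1" 201 dest="/cloud_disk/docs/b.txt"',
    '10.0.0.9 - - [01/Aug/2021:10:00:01 +0000] "MOVE /cloud_disk/docs/a.txt HTTP/1.1" 403 dest="/cloud_disk/../../etc/x"',
    '10.0.0.9 - - [01/Aug/2021:10:00:02 +0000] "COPY /cloud_disk/%2e%2e%2f%2e%2e%2fetc/y HTTP/1.1" 403 dest="/cloud_disk/z"',
    '10.0.0.7 - - [01/Aug/2021:10:00:03 +0000] "GET /cloud_disk/docs/a.txt HTTP/1.1" 200 dest="-"',
]

# source, method, path, status code, destination field (constructed layout)
LINE_RE = re.compile(r'^(\S+) .*? "(\w+) (\S+) HTTP/[\d.]+" (\d{3}) dest="([^"]*)"')

def has_traversal(path):
    # Decode twice so double-encoded forms (%252e%252e%252f) are also
    # caught, normalise backslashes, then look for a literal ".." segment
    # (so names like "..hidden" do not trigger a false positive).
    decoded = unquote(unquote(path))
    return any(seg == ".." for seg in decoded.replace("\\", "/").split("/"))

def find_traversal_attempts(lines):
    """Return COPY/MOVE requests with a traversal pattern in path or destination."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        src, method, path, status, dest = m.groups()
        if method not in ("COPY", "MOVE"):
            continue
        if has_traversal(path) or has_traversal(dest):
            hits.append({"src": src, "method": method, "path": path,
                         "dest": dest, "status": int(status)})
    return hits

def failed_attempts_by_source(hits):
    """Count rejected (4xx) traversal attempts per source address, to spot bursts."""
    return Counter(h["src"] for h in hits if 400 <= h["status"] < 500)

if __name__ == "__main__":
    found = find_traversal_attempts(SAMPLE_LOGS)
    for h in found:
        print(h)
    print(failed_attempts_by_source(found))
```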
