Information disclosure in Asus Rt-n56u

CVE-2011-4497

QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.

Vulnerability class: Information Disclosure

EPSS: 0.002 (37.3th percentile) — read the EPSS interpretation.

Affected products

Asus Rt-n56u
Asus Rt-n56u_firmware — versions 1.0.0.9, 1.0.1.2, 1.0.1.3
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

VU#200814 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)