Auth bypass in Asus Rt-n10e

CVE-2013-3610

qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.

Vulnerability class: Broken Authentication

EPSS: 0.002 (35.9th percentile) — read the EPSS interpretation.

Affected products

Asus Rt-n10e
Asus Rt-n10e_firmware — versions 2.0.0.7, 2.0.0.10, 2.0.0.16
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

VU#984366 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)