Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS wireless router products

IT device vulnerabilities are becoming more diverse today. Threat actors will take advantage of XML. Why? Hundreds of document formats using XML syntax have been developed, including RSS, Atom, SOAP, SVG, and XHTML. XML-based formats have become the default for many office-productivity tools, including Microsoft Office (Office Open XML), OpenOffice.org and LibreOffice (OpenDocument), and Apple’s iWork. ASUS wireless router products are mostly deployed in homes, small retail shops and developing countries. It is recommended to follow the hardware instructions to patch the devices.

Vulnerability synopsis:

(1) an UPDATEACCOUNT or (2) a PROPFIND request.

What is PROPFIND? It is used to retrieve properties, stored as XML, from a web resource. It is also overloaded to allow one to retrieve the collection structure (a.k.a. directory hierarchy) of a remote system. For more details, see the URL below for reference. Do not ignore this vulnerability.

Reference: https://www.fortify24x7.com/cve-2017-14699/
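
Because a PROPFIND request carries an XML body, the server-side parser is where XXE has to be stopped. The following is an added example, not code from ASUS or from the original post: a Python parser that refuses any DOCTYPE declaration before it extracts the requested properties. The function names and both sample bodies are constructed for illustration.

```python
import xml.parsers.expat

DAV_NS = "DAV:"

class UnsafeXML(ValueError):
    """Raised when a request body carries a DTD (the carrier for XXE)."""

def parse_propfind(body: bytes) -> dict:
    """Parse a PROPFIND body, refusing any DOCTYPE so no entity can be defined."""
    if not body.strip():
        # RFC 4918: an empty PROPFIND body is treated as an allprop request.
        return {"mode": "allprop", "props": []}
    result = {"mode": None, "props": []}
    stack = []  # (namespace, local name) of the currently open elements

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE declaration rejected")

    def on_start(name, attrs):
        ns, _, local = name.rpartition(" ")
        depth = len(stack)
        if depth == 0 and (ns, local) != (DAV_NS, "propfind"):
            raise ValueError("root element must be DAV:propfind")
        if depth == 1 and ns == DAV_NS and local in ("prop", "allprop", "propname"):
            result["mode"] = local
        elif depth == 2 and stack[1] == (DAV_NS, "prop"):
            result["props"].append((ns, local))
        stack.append((ns, local))

    def on_end(name):
        stack.pop()

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype  # fires before any entity is declared
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.Parse(body, True)
    if result["mode"] is None:
        raise ValueError("no prop/allprop/propname element")
    return result

# Constructed sample bodies (not captured traffic).
BENIGN = b"""<?xml version="1.0"?>
<D:propfind xmlns:D="DAV:"><D:prop><D:displayname/><D:getcontentlength/></D:prop></D:propfind>"""
WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE propfind [<!ENTITY e "x">]>
<D:propfind xmlns:D="DAV:"><D:prop><D:displayname>&e;</D:displayname></D:prop></D:propfind>"""

def is_rejected(body: bytes) -> bool:
    try:
        parse_propfind(body)
    except UnsafeXML:
        return True
    return False
```

Rejecting the DOCTYPE outright, rather than trying to filter individual entities, means the body is refused before the parser resolves anything it declares.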