Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS wireless router products

The IT device vulnerabilities looks diversification today. Threat actors will be take advantage of XML. Why? Hundreds of document formats using XML syntax have been developed, including RSS, Atom, SOAP, SVG, and XHTML. XML-based formats have become the default for many office-productivity tools, including Microsoft Office (Office Open XML), and LibreOffice (OpenDocument), and Apple’s iWork. ASUS wireless router products more deploy at home, small retail shop and development countries. It is recommended to following hardware instruction to patch the devices.

Vulnerability synopsis:



(2) a PROPFIND request.

What is PROPFIND — used to retrieve properties, stored as XML, from a web resource. It is also overloaded to allow one to retrieve the collection structure (a.k.a. directory hierarchy) of a remote system. For more details, please see below url for reference. Do not ignore this vulnerability.