Search
Find a vulnerability
Search criteria
39 vulnerabilities found for RT-AC68U by ASUS
VAR-201707-0387
Vulnerability from variot - Updated: 2025-04-20 23:36Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.378.7177"
},
{
"model": "rt-ac66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac5300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n18u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt ac1200g",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3167"
},
{
"model": "rt ac1900p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12hp",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt ac1200gu",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.5577"
},
{
"model": "rt-n12hp b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-ac51u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n16",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac3100",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac1200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac52u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.4180"
},
{
"model": "rt-ac68p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac53",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt-n12d1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac88u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac3200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt n12\\+ pro",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac58u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7485"
},
{
"model": "rt-ac55u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac66u b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12hp",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt n12\\+ pro",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac3200",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n300",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
}
]
},
"cve": "CVE-2017-11344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-11344",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-35393",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-101757",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-11344",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11344",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11344",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-35393",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-768",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101757",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2017/07/14/3",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-11344",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35393",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97015",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-101757",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"id": "VAR-201707-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
}
],
"trust": 1.342782942
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
}
]
},
"last_update_date": "2025-04-20T23:36:49.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://asuswrt.lostrealm.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
},
{
"trust": 1.1,
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11344"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11344"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"date": "2017-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101757"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"date": "2017-07-17T13:18:20.923000",
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101757"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS For devices Asuswrt-Merlin Firmware and ASUS Firmware network map global buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
}
],
"trust": 0.6
}
}
VAR-201707-0400
Vulnerability from variot - Updated: 2025-04-20 23:36Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0400",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.378.7177"
},
{
"model": "rt-ac66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac5300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n18u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt ac1200g",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3167"
},
{
"model": "rt ac1900p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12hp",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt ac1200gu",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.5577"
},
{
"model": "rt-n12hp b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-ac51u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n16",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac3100",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac1200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac52u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.4180"
},
{
"model": "rt-ac68p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac53",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt-n12d1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac88u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac3200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt n12\\+ pro",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac58u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7485"
},
{
"model": "rt-ac55u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac66u b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "1.0.1.4"
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12hp",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt ac1200gu",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.5577"
},
{
"model": "rt n12\\+ pro",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n300",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
}
]
},
"cve": "CVE-2017-11345",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-11345",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-35394",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-101758",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-11345",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11345",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11345",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-35394",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-767",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101758",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11345",
"trust": 3.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2017/07/14/3",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35394",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97016",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-101758",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"id": "VAR-201707-0400",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
}
],
"trust": 1.342782942
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
}
]
},
"last_update_date": "2025-04-20T23:36:49.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://asuswrt.lostrealm.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
},
{
"trust": 1.1,
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11345"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11345"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"date": "2017-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101758"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"date": "2017-07-17T13:18:20.953000",
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101758"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS For devices Asuswrt-Merlin Firmware and ASUS Firmware network map stack buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
}
],
"trust": 0.6
}
}
VAR-201707-0535
Vulnerability from variot - Updated: 2025-04-20 23:27Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. ASUSRT-AC5300 is the RT series router product of ASUS. Asuswrt-Merlin is the firmware running in it. The following products are affected: ASUS RT-AC5300; RT_AC1900P; RT-AC68U; RT-AC68P; RT-AC88U; AC51U; RT-N18U; RT-N66U; RT-N56U; RT-AC3200; RT-AC3100; RT_AC1200GU; RT_AC1200G; RT_N12+_PRO; RT-N16; RT-N300
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0535",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.378.7177"
},
{
"model": "rt-ac66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac5300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n18u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt ac1200g",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3167"
},
{
"model": "rt ac1900p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12hp",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt ac1200gu",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.5577"
},
{
"model": "rt-n12hp b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-ac51u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n16",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac3100",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac1200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac52u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.4180"
},
{
"model": "rt-ac68p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac53",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt-n12d1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac88u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac3200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt n12\\+ pro",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac58u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7485"
},
{
"model": "rt-ac55u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac66u b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt ac1200g",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3167"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12hp",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt n12\\+ pro",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n300",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
}
]
},
"cve": "CVE-2017-11420",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11420",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-24400",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-101841",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11420",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11420",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-11420",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-24400",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-754",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101841",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. ASUSRT-AC5300 is the RT series router product of ASUS. Asuswrt-Merlin is the firmware running in it. The following products are affected: ASUS RT-AC5300; RT_AC1900P; RT-AC68U; RT-AC68P; RT-AC88U; AC51U; RT-N18U; RT-N66U; RT-N56U; RT-AC3200; RT-AC3100; RT_AC1200GU; RT_AC1200G; RT_N12+_PRO; RT-N16; RT-N300",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2017/07/13/1",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-11420",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-24400",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101841",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"id": "VAR-201707-0535",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
}
],
"trust": 1.342782942
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
}
]
},
"last_update_date": "2025-04-20T23:27:22.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://asuswrt.lostrealm.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.openwall.com/lists/oss-security/2017/07/13/1"
},
{
"trust": 1.1,
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11420"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11420"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"date": "2017-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-101841"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"date": "2017-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"date": "2017-07-18T05:29:00.470000",
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101841"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"date": "2017-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS For devices Asuswrt-Merlin Firmware and ASUS Firmware network map ASUS_Discovery.c Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
}
],
"trust": 0.6
}
}
VAR-201708-1179
Vulnerability from variot - Updated: 2025-04-20 23:23Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. plural ASUS For devices Asuswrt-Merlin Firmware and ASUS The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC5300 and others are wireless routers from ASUS. ASUSAsuswrt-Merlin is the firmware running in it. Httpd is one of the embedded http servers. A stack buffer overflow vulnerability exists in Asuswrt-Merlin380.67_0RT-AC5300 and previous versions of httpd in several ASUS products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n66u",
"scope": null,
"trust": 1.2,
"vendor": "asus",
"version": null
},
{
"model": "asuswrt-merlin",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "380.67"
},
{
"model": "asuswrt-merlin",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "asuswrt-merlin \u003c=380.67 0rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "asuswrt-merlin",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt",
"version": "380.67_0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:asuswrt-merlin",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
}
]
},
"cve": "CVE-2017-12754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-12754",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-32450",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-12754",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12754",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12754",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-12754",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-32450",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-443",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. plural ASUS For devices Asuswrt-Merlin Firmware and ASUS The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC5300 and others are wireless routers from ASUS. ASUSAsuswrt-Merlin is the firmware running in it. Httpd is one of the embedded http servers. A stack buffer overflow vulnerability exists in Asuswrt-Merlin380.67_0RT-AC5300 and previous versions of httpd in several ASUS products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12754"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNVD",
"id": "CNVD-2017-32450"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12754",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-32450",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"id": "VAR-201708-1179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
}
],
"trust": 1.2386813426923076
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
}
]
},
"last_update_date": "2025-04-20T23:23:37.803000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://asuswrt.lostrealm.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://github.com/coincoin7/wireless-router-vulnerability/blob/master/asus_deleteofflineclientoverflow.txt"
},
{
"trust": 1.6,
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12754"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"date": "2017-08-09T15:29:00.183000",
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS For devices Asuswrt-Merlin Firmware and ASUS Firmware buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
}
],
"trust": 0.6
}
}
VAR-201502-0454
Vulnerability from variot - Updated: 2025-04-13 23:32ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page. ASUS RT Series Routers has an unspecified command injection vulnerability because it failed to properly filter user-supplied input. Allows an attacker to execute arbitrary operating system commands in the context of the affected device. A security vulnerability exists in several ASUS routers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac87u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.378.3754"
},
{
"model": "rt-ac56s",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.376.3715"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.378.3754"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6065"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6152"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6065"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6065"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6065"
},
{
"model": "rt-series routers",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.376.3715"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"db": "BID",
"id": "72390"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-002"
},
{
"db": "NVD",
"id": "CVE-2014-7269"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac56s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac68u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac87u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-n56u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-n66u",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Masashi Sakai",
"sources": [
{
"db": "BID",
"id": "72390"
}
],
"trust": 0.3
},
"cve": "CVE-2014-7269",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2014-7269",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-000011",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-00880",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-75214",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7269",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000011",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00880",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-002",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-75214",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"db": "VULHUB",
"id": "VHN-75214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-002"
},
{
"db": "NVD",
"id": "CVE-2014-7269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page. ASUS RT Series Routers has an unspecified command injection vulnerability because it failed to properly filter user-supplied input. Allows an attacker to execute arbitrary operating system commands in the context of the affected device. A security vulnerability exists in several ASUS routers",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"db": "BID",
"id": "72390"
},
{
"db": "VULHUB",
"id": "VHN-75214"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7269",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN77792759",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011",
"trust": 2.5
},
{
"db": "BID",
"id": "72390",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201502-002",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-00880",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-75214",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"db": "VULHUB",
"id": "VHN-75214"
},
{
"db": "BID",
"id": "72390"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-002"
},
{
"db": "NVD",
"id": "CVE-2014-7269"
}
]
},
"id": "VAR-201502-0454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"db": "VULHUB",
"id": "VHN-75214"
}
],
"trust": 1.3538392259999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00880"
}
]
},
"last_update_date": "2025-04-13T23:32:46.303000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware for wireless LAN routers that addressed cross-site request forgery and OS command injection vulnerabilities are available",
"trust": 0.8,
"url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
},
{
"title": "ASUS RT Series Routers has patches for unspecified command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54909"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"db": "NVD",
"id": "CVE-2014-7269"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn77792759/index.html"
},
{
"trust": 1.7,
"url": "http://www.asus.com/jp/news/pnzpd7vkxtrkwxhr"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000011"
},
{
"trust": 0.8,
"url": "//cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7269"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7269"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72390"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"db": "VULHUB",
"id": "VHN-75214"
},
{
"db": "BID",
"id": "72390"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-002"
},
{
"db": "NVD",
"id": "CVE-2014-7269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"db": "VULHUB",
"id": "VHN-75214"
},
{
"db": "BID",
"id": "72390"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-002"
},
{
"db": "NVD",
"id": "CVE-2014-7269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"date": "2015-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-75214"
},
{
"date": "2015-01-28T00:00:00",
"db": "BID",
"id": "72390"
},
{
"date": "2015-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-002"
},
{
"date": "2015-02-01T15:59:01.917000",
"db": "NVD",
"id": "CVE-2014-7269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00880"
},
{
"date": "2015-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-75214"
},
{
"date": "2015-01-28T00:00:00",
"db": "BID",
"id": "72390"
},
{
"date": "2015-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000011"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-002"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7269"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ASUS wireless LAN routers vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000011"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-002"
}
],
"trust": 0.6
}
}
VAR-201411-0483
Vulnerability from variot - Updated: 2025-04-13 23:27ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a file from http://dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site. No HTTP = no assurance that the site on the other end is the legitimate ASUS web site, and no assurance that the firmware file and version lookup table have not been modified in transit.
In the link below I describe the issue in detail, and demonstrate a proof of concept through which I successfully caused an RT-AC66R to "upgrade" to an older firmware with known vulnerabilities. In concept it should also be possible to deliver a fully custom malicious firmware in the same manner.
This applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base but a different sub-version.
This has been fixed as an undocumented feature of the 376 firmware branch (3.0.0.4.376.x).
Details and POC: http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html
-- Regards, David Longenecker @dnlongen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.6,
"vendor": "t mobile",
"version": "3.0.0.4.376_3169"
},
{
"model": "rt series",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374.x"
},
{
"model": "rt",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.376.x"
},
{
"model": "rt-series wireless routers",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n53",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Longenecker",
"sources": [
{
"db": "BID",
"id": "70791"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
],
"trust": 1.0
},
"cve": "CVE-2014-2718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2718",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07699",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-70657",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2718",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2718",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-07699",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1415",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70657",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a\nfile from http://dlcdnet.asus.com, parses it to determine the latest\nfirmware version, then downloads (again in the clear) a binary file\nmatching that version number from the same web site. No HTTP = no assurance\nthat the site on the other end is the legitimate ASUS web site, and no\nassurance that the firmware file and version lookup table have not been\nmodified in transit. \n\nIn the link below I describe the issue in detail, and demonstrate a proof\nof concept through which I successfully caused an RT-AC66R to \"upgrade\" to\nan older firmware with known vulnerabilities. In concept it should also be\npossible to deliver a fully custom malicious firmware in the same manner. \n\nThis applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R,\nRT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the\nRT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base\nbut a different sub-version. \n\nThis has been fixed as an undocumented feature of the 376 firmware branch\n(3.0.0.4.376.x). \n\nDetails and POC:\nhttp://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html\n\n-- \nRegards,\nDavid Longenecker\n@dnlongen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2718"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "PACKETSTORM",
"id": "128904"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-70657",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70657"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2718",
"trust": 3.5
},
{
"db": "BID",
"id": "70791",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128904",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-07699",
"trust": 0.6
},
{
"db": "XF",
"id": "98316",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70657",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"id": "VAR-201411-0483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
}
],
"trust": 1.3441403886666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
}
]
},
"last_update_date": "2025-04-13T23:27:35.303000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.asus.com/jp/"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "ASUS RT Series Wireless Routers patch for middleman security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/51508"
},
{
"title": "FW_RT_AC68U_30043763715",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54536"
},
{
"title": "FW_RT_AC68U_30043763626",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54537"
},
{
"title": "FW_RT_AC68U_30043761663",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54538"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2014/oct/122"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/70791"
},
{
"trust": 2.1,
"url": "http://dnlongen.blogspot.com/2014/10/cve-2014-2718-asus-rt-mitm.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128904/asus-router-man-in-the-middle.html"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2718"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2718"
},
{
"trust": 0.8,
"url": "http://dnlongen.blogspot.jp/2014/10/cve-2014-2718-asus-rt-mitm.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/98316"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
},
{
"trust": 0.1,
"url": "http://dlcdnet.asus.com,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2718"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"date": "2014-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-70657"
},
{
"date": "2014-10-28T00:00:00",
"db": "BID",
"id": "70791"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"date": "2014-10-29T12:11:11",
"db": "PACKETSTORM",
"id": "128904"
},
{
"date": "2014-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"date": "2014-11-04T22:55:06.417000",
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-70657"
},
{
"date": "2014-10-28T00:00:00",
"db": "BID",
"id": "70791"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"date": "2014-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT Series router firmware arbitrary code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "70791"
}
],
"trust": 0.3
}
}
VAR-201502-0455
Vulnerability from variot - Updated: 2025-04-13 23:27Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be conducted. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#77792759, an arbitrary OS command may be executed. A cross-site request forgery vulnerability exists in multiple ASUS RT routers that an attacker could use to perform certain unauthorized operations and access to affected devices. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0455",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac87u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.378.3754"
},
{
"model": "rt-ac56s",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.378.3754"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6065"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6152"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6065"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6065"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.4.378.6065"
},
{
"model": "japan rt-ac87u routers with",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.378.3754"
},
{
"model": "rt-ac68u routers with",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.376.3715"
},
{
"model": "rt-ac56s routers with",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.376.3715"
},
{
"model": "rt-n66u routers with",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.376.3715"
},
{
"model": "rt-n56u routers with",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.376.3715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"db": "BID",
"id": "72392"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-003"
},
{
"db": "NVD",
"id": "CVE-2014-7270"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac56s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac68u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac87u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-n56u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-n66u",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Masashi Sakai",
"sources": [
{
"db": "BID",
"id": "72392"
}
],
"trust": 0.3
},
"cve": "CVE-2014-7270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-7270",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000012",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-00881",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-75215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7270",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000012",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2015-00881",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-003",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-75215",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"db": "VULHUB",
"id": "VHN-75215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-003"
},
{
"db": "NVD",
"id": "CVE-2014-7270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be conducted. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#77792759, an arbitrary OS command may be executed. A cross-site request forgery vulnerability exists in multiple ASUS RT routers that an attacker could use to perform certain unauthorized operations and access to affected devices. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"db": "BID",
"id": "72392"
},
{
"db": "VULHUB",
"id": "VHN-75215"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7270",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN32631078",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012",
"trust": 2.5
},
{
"db": "BID",
"id": "72392",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201502-003",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-00881",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-75215",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"db": "VULHUB",
"id": "VHN-75215"
},
{
"db": "BID",
"id": "72392"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-003"
},
{
"db": "NVD",
"id": "CVE-2014-7270"
}
]
},
"id": "VAR-201502-0455",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"db": "VULHUB",
"id": "VHN-75215"
}
],
"trust": 1.461392158888889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00881"
}
]
},
"last_update_date": "2025-04-13T23:27:33.729000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware for wireless LAN routers that addressed cross-site request forgery and OS command injection vulnerabilities are available",
"trust": 0.8,
"url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
},
{
"title": "Patch for multiple ASUS RT router cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54910"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"db": "NVD",
"id": "CVE-2014-7270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn32631078/index.html"
},
{
"trust": 1.7,
"url": "http://www.asus.com/jp/news/pnzpd7vkxtrkwxhr"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000012"
},
{
"trust": 0.8,
"url": "//cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7270"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7270"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72392"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"db": "VULHUB",
"id": "VHN-75215"
},
{
"db": "BID",
"id": "72392"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-003"
},
{
"db": "NVD",
"id": "CVE-2014-7270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"db": "VULHUB",
"id": "VHN-75215"
},
{
"db": "BID",
"id": "72392"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-003"
},
{
"db": "NVD",
"id": "CVE-2014-7270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"date": "2015-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-75215"
},
{
"date": "2015-01-28T00:00:00",
"db": "BID",
"id": "72392"
},
{
"date": "2015-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-003"
},
{
"date": "2015-02-01T15:59:03.323000",
"db": "NVD",
"id": "CVE-2014-7270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00881"
},
{
"date": "2015-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-75215"
},
{
"date": "2015-01-28T00:00:00",
"db": "BID",
"id": "72392"
},
{
"date": "2015-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000012"
},
{
"date": "2015-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-003"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-003"
}
],
"trust": 0.6
}
}
VAR-201404-0447
Vulnerability from variot - Updated: 2025-04-13 23:25Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. ASUS RT-AC68U is a router device. A remote attacker can exploit a vulnerability to build a malicious URI, entice a user to resolve, obtain sensitive cookies, hijack a session, or perform malicious operations on the client. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerability stems from the fact that the apply.cgi script does not filter the 'current_page' parameter correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.6,
"vendor": "t mobile",
"version": "3.0.0.4.376_3169"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_4887"
},
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_4983"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374.4755"
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5047"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asustek computer",
"version": "3.0.0.4.374.4755"
},
{
"model": "rt-ac68u 3.0.0.4.374 4887",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u 3.0.0.4.374 4983",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u 3.0.0.4.374 4755",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-436"
},
{
"db": "NVD",
"id": "CVE-2014-2925"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:rt-ac68u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joaquim Brasil de Oliveira",
"sources": [
{
"db": "BID",
"id": "66669"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2925",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2925",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-02220",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-70864",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2925",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2925",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-02220",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-436",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70864",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"db": "VULHUB",
"id": "VHN-70864"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-436"
},
{
"db": "NVD",
"id": "CVE-2014-2925"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. ASUS RT-AC68U is a router device. A remote attacker can exploit a vulnerability to build a malicious URI, entice a user to resolve, obtain sensitive cookies, hijack a session, or perform malicious operations on the client. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The vulnerability stems from the fact that the apply.cgi script does not filter the \u0027current_page\u0027 parameter correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2925"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"db": "BID",
"id": "66669"
},
{
"db": "VULHUB",
"id": "VHN-70864"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2925",
"trust": 3.4
},
{
"db": "BID",
"id": "66669",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002211",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-436",
"trust": 0.7
},
{
"db": "OSVDB",
"id": "105383",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-02220",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20140404 REFLECTED CROSS-SITE SCRIPTING WITHIN THE ASUS RT-AC68U MANAGING WEB INTERFACE",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70864",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"db": "VULHUB",
"id": "VHN-70864"
},
{
"db": "BID",
"id": "66669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-436"
},
{
"db": "NVD",
"id": "CVE-2014-2925"
}
]
},
"id": "VAR-201404-0447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"db": "VULHUB",
"id": "VHN-70864"
}
],
"trust": 1.457301026
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02220"
}
]
},
"last_update_date": "2025-04-13T23:25:28.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AC68U",
"trust": 0.8,
"url": "http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/"
},
{
"title": "RT-N66U",
"trust": 0.8,
"url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "FW_RT-AC68U_30043745047",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49450"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-436"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70864"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"db": "NVD",
"id": "CVE-2014-2925"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/59"
},
{
"trust": 1.7,
"url": "http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29"
},
{
"trust": 1.7,
"url": "http://www.asus.com/networking/rtac68u/helpdesk_download/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/66669"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2925"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2925"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/105383"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"db": "VULHUB",
"id": "VHN-70864"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-436"
},
{
"db": "NVD",
"id": "CVE-2014-2925"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"db": "VULHUB",
"id": "VHN-70864"
},
{
"db": "BID",
"id": "66669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-436"
},
{
"db": "NVD",
"id": "CVE-2014-2925"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"date": "2014-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-70864"
},
{
"date": "2014-04-04T00:00:00",
"db": "BID",
"id": "66669"
},
{
"date": "2014-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-436"
},
{
"date": "2014-04-22T13:06:30.743000",
"db": "NVD",
"id": "CVE-2014-2925"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02220"
},
{
"date": "2016-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-70864"
},
{
"date": "2014-04-23T19:01:00",
"db": "BID",
"id": "66669"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002211"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-436"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2925"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-436"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AC68U And other RT Series router firmware Advanced_Wireless_Content.asp Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002211"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-436"
}
],
"trust": 0.6
}
}
VAR-201404-0120
Vulnerability from variot - Updated: 2025-04-13 23:25The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). ASUS RT-N56U is a wireless router product from ASUS Taiwan. A remote command injection vulnerability exists in the ASUS RT-N56U router, which originated from the program's incorrect filtering of user-submitted input. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device. This vulnerability exists in ASUS RT-N56U routers running version 3.0.0.4.360 firmware. This may facilitate a complete compromise of an affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0120",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 2.2,
"vendor": "asus",
"version": "3.0.0.4.374.4755"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.374_4561"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.374_4887"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.0,
"vendor": "t mobile",
"version": "3.0.0.4.376_3169"
},
{
"model": "rt-ac68u 3.0.0.4.374 4887",
"scope": null,
"trust": 0.9,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5047"
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u 3.0.0.4.374 4561",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u 3.0.0.4.374 4755",
"scope": null,
"trust": 0.3,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "3.0.0.4.374.4561"
},
{
"model": "rt-ac68u",
"scope": "ne",
"trust": 0.3,
"vendor": "asus",
"version": "3.0.0.4.374.5656"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"db": "BID",
"id": "67672"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-426"
},
{
"db": "NVD",
"id": "CVE-2013-5948"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:rt-ac68u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "drone",
"sources": [
{
"db": "BID",
"id": "60431"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-195"
}
],
"trust": 0.9
},
"cve": "CVE-2013-5948",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2013-5948",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-07304",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-02646",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-65950",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5948",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-5948",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-07304",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-02646",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-426",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-65950",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"db": "VULHUB",
"id": "VHN-65950"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-426"
},
{
"db": "NVD",
"id": "CVE-2013-5948"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). ASUS RT-N56U is a wireless router product from ASUS Taiwan. \nA remote command injection vulnerability exists in the ASUS RT-N56U router, which originated from the program\u0027s incorrect filtering of user-submitted input. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device. This vulnerability exists in ASUS RT-N56U routers running version 3.0.0.4.360 firmware. This may facilitate a complete compromise of an affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5948"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-195"
},
{
"db": "BID",
"id": "67672"
},
{
"db": "BID",
"id": "60431"
},
{
"db": "VULHUB",
"id": "VHN-65950"
}
],
"trust": 3.87
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65950",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65950"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5948",
"trust": 3.4
},
{
"db": "BID",
"id": "60431",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "25998",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201404-426",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-07304",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-02646",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201306-195",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20140404 RE: REMOTE COMMAND EXECUTION WITHIN THE ASUS RT-AC68U MANAGING WEB INTERFACE",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20140404 REFLECTED CROSS-SITE SCRIPTING WITHIN THE ASUS RT-AC68U MANAGING WEB INTERFACE",
"trust": 0.6
},
{
"db": "BID",
"id": "67672",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-79649",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65950",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"db": "VULHUB",
"id": "VHN-65950"
},
{
"db": "BID",
"id": "67672"
},
{
"db": "BID",
"id": "60431"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-195"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-426"
},
{
"db": "NVD",
"id": "CVE-2013-5948"
}
]
},
"id": "VAR-201404-0120",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"db": "VULHUB",
"id": "VHN-65950"
}
],
"trust": 2.0250858000000003
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNVD",
"id": "CNVD-2014-02646"
}
]
},
"last_update_date": "2025-04-13T23:25:28.745000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AC68U",
"trust": 0.8,
"url": "http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/"
},
{
"title": "RT-N66U",
"trust": 0.8,
"url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "ASUS RT-AC68U other RT series routers with firmware patch for any command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/45157"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65950"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"db": "NVD",
"id": "CVE-2013-5948"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2014/apr/66"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2014/apr/59"
},
{
"trust": 1.7,
"url": "http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5948"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5948"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/25998"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60431"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
},
{
"trust": 0.3,
"url": "http://support.asus.com/download.aspx?slanguage=en\u0026p=11\u0026s=2\u0026m=rt-ac68u\u0026os=30\u0026ft=20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"db": "VULHUB",
"id": "VHN-65950"
},
{
"db": "BID",
"id": "67672"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-195"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-426"
},
{
"db": "NVD",
"id": "CVE-2013-5948"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"db": "VULHUB",
"id": "VHN-65950"
},
{
"db": "BID",
"id": "67672"
},
{
"db": "BID",
"id": "60431"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-195"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-426"
},
{
"db": "NVD",
"id": "CVE-2013-5948"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"date": "2014-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"date": "2014-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-65950"
},
{
"date": "2014-04-22T00:00:00",
"db": "BID",
"id": "67672"
},
{
"date": "2013-06-07T00:00:00",
"db": "BID",
"id": "60431"
},
{
"date": "2014-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"date": "2013-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-195"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-426"
},
{
"date": "2014-04-22T13:06:25.070000",
"db": "NVD",
"id": "CVE-2013-5948"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"date": "2014-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02646"
},
{
"date": "2016-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-65950"
},
{
"date": "2014-04-22T00:00:00",
"db": "BID",
"id": "67672"
},
{
"date": "2014-04-08T00:57:00",
"db": "BID",
"id": "60431"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006342"
},
{
"date": "2013-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-195"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-426"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2013-5948"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-195"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-426"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-N56U Router Remote Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07304"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-195"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "67672"
},
{
"db": "BID",
"id": "60431"
}
],
"trust": 0.6
}
}
VAR-201404-0636
Vulnerability from variot - Updated: 2025-04-13 23:05Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers 'Advanced_System_Content.asp' has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. ASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0636",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.318"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.220"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.374_4887"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "1.0.1.8n"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.374.4755"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.370"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.356"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.25"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.9"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.322"
},
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.0,
"vendor": "t mobile",
"version": "3.0.0.4.376_3169"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_4561"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.20"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.270"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.140"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.162"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "7.0.2.38b"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.334"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.108"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.178"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.342"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.134"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "7.0.1.21"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.7c"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "7.0.1.32"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.24"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.334"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.246"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.2.3"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.10"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.176"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.19"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.7"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.360"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.342"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.346"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.4o"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.16"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.246"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.272"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.220"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.8j"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.354"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.7f"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "8.1.1.4"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.8l"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.4"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.354"
},
{
"model": "rt-ac66u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n10e",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n14u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n16",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n56u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n65u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n66u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-series wireless routers",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.374.5517"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:asus:rt-ac68u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n10e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n14u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n65u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Longenecker",
"sources": [
{
"db": "BID",
"id": "66954"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2719",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2014-2719",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-02538",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-70658",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2719",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2719",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-02538",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-434",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70658",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. \nASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "BID",
"id": "66954"
},
{
"db": "VULHUB",
"id": "VHN-70658"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-70658",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70658"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2719",
"trust": 3.1
},
{
"db": "BID",
"id": "66954",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-02538",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20140416 ASUS RT-XXXX SOHO ROUTERS EXPOSE ADMIN PASSWORD, FIXED IN 3.0.0.4.374.5517",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "126213",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-70658",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "BID",
"id": "66954"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"id": "VAR-201404-0636",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
}
],
"trust": 1.3092795819999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
}
]
},
"last_update_date": "2025-04-13T23:05:08.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-N66U",
"trust": 0.8,
"url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 Patch for Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/45075"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2014/apr/225"
},
{
"trust": 1.7,
"url": "http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29"
},
{
"trust": 1.7,
"url": "http://dnlongen.blogspot.com/2014/04/cve-2014-2719-asus-rt-password-disclosure.html"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2719"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2719"
},
{
"trust": 0.8,
"url": "http://dnlongen.blogspot.jp/2014/04/cve-2014-2719-asus-rt-password-disclosure.html"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "BID",
"id": "66954"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "BID",
"id": "66954"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"date": "2014-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-70658"
},
{
"date": "2014-04-14T00:00:00",
"db": "BID",
"id": "66954"
},
{
"date": "2014-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"date": "2014-04-22T13:06:29.493000",
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"date": "2016-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-70658"
},
{
"date": "2014-04-14T00:00:00",
"db": "BID",
"id": "66954"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "BID",
"id": "66954"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
}
],
"trust": 0.6
}
}
VAR-202302-0295
Vulnerability from variot - Updated: 2025-03-28 02:50Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. ASUS RT-AC68U A vulnerability exists in router firmware related to the use of incorrectly resolved names or references.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.41634"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "rt-ac68u firmware 3.0.0.4.386.41634"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"db": "NVD",
"id": "CVE-2021-37315"
}
]
},
"cve": "CVE-2021-37315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-37315",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-37315",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-37315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-37315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-37315",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-243",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-243"
},
{
"db": "NVD",
"id": "CVE-2021-37315"
},
{
"db": "NVD",
"id": "CVE-2021-37315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. ASUS RT-AC68U A vulnerability exists in router firmware related to the use of incorrectly resolved names or references.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"db": "VULMON",
"id": "CVE-2021-37315"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37315",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020125",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-243",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-37315",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-243"
},
{
"db": "NVD",
"id": "CVE-2021-37315"
}
]
},
"id": "VAR-202302-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5603147
},
"last_update_date": "2025-03-28T02:50:03.177000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "ASUS RT-AC68U Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=223773"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-706",
"trust": 1.0
},
{
"problemtype": "Use of incorrectly resolved names and references (CWE-706) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"db": "NVD",
"id": "CVE-2021-37315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://robertchen.cc/blog/2021/03/31/asus-rce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37315"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-37315/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-243"
},
{
"db": "NVD",
"id": "CVE-2021-37315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-37315"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-243"
},
{
"db": "NVD",
"id": "CVE-2021-37315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37315"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-243"
},
{
"date": "2023-02-03T18:15:12.277000",
"db": "NVD",
"id": "CVE-2021-37315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37315"
},
{
"date": "2023-09-13T01:21:00",
"db": "JVNDB",
"id": "JVNDB-2021-020125"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-243"
},
{
"date": "2025-03-26T21:15:17.320000",
"db": "NVD",
"id": "CVE-2021-37315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-243"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS\u00a0RT-AC68U\u00a0 Misresolved name or reference usage vulnerability in router firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020125"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-243"
}
],
"trust": 0.6
}
}
VAR-202302-0417
Vulnerability from variot - Updated: 2025-03-28 02:46SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. RT-AC68U The router firmware has SQL There is an injection vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.41634"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "rt-ac68u firmware 3.0.0.4.386.41634"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"db": "NVD",
"id": "CVE-2021-37316"
}
]
},
"cve": "CVE-2021-37316",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-37316",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-37316",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-37316",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-37316",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-37316",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-242",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-242"
},
{
"db": "NVD",
"id": "CVE-2021-37316"
},
{
"db": "NVD",
"id": "CVE-2021-37316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. RT-AC68U The router firmware has SQL There is an injection vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"db": "VULMON",
"id": "CVE-2021-37316"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37316",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020124",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-242",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-37316",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-242"
},
{
"db": "NVD",
"id": "CVE-2021-37316"
}
]
},
"id": "VAR-202302-0417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5603147
},
"last_update_date": "2025-03-28T02:46:32.805000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "ASUS RT-AC68U SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=224822"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-242"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"db": "NVD",
"id": "CVE-2021-37316"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://robertchen.cc/blog/2021/03/31/asus-rce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37316"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-37316/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-242"
},
{
"db": "NVD",
"id": "CVE-2021-37316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-37316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-242"
},
{
"db": "NVD",
"id": "CVE-2021-37316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37316"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-242"
},
{
"date": "2023-02-03T18:15:12.373000",
"db": "NVD",
"id": "CVE-2021-37316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37316"
},
{
"date": "2023-09-13T01:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-020124"
},
{
"date": "2023-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-242"
},
{
"date": "2025-03-26T19:15:16.053000",
"db": "NVD",
"id": "CVE-2021-37316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-242"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RT-AC68U\u00a0 in router firmware \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020124"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-242"
}
],
"trust": 0.6
}
}
VAR-202302-0263
Vulnerability from variot - Updated: 2025-03-28 02:25Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. ASUS RT-AC68U A path traversal vulnerability exists in router firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.41634"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "rt-ac68u firmware 3.0.0.4.386.41634"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"db": "NVD",
"id": "CVE-2021-37317"
}
]
},
"cve": "CVE-2021-37317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-37317",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-37317",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-37317",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-37317",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-37317",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-241",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-241"
},
{
"db": "NVD",
"id": "CVE-2021-37317"
},
{
"db": "NVD",
"id": "CVE-2021-37317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. ASUS RT-AC68U A path traversal vulnerability exists in router firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"db": "VULMON",
"id": "CVE-2021-37317"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37317",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020123",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-241",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-37317",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-241"
},
{
"db": "NVD",
"id": "CVE-2021-37317"
}
]
},
"id": "VAR-202302-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5603147
},
"last_update_date": "2025-03-28T02:25:28.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"db": "NVD",
"id": "CVE-2021-37317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://robertchen.cc/blog/2021/03/31/asus-rce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37317"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-37317/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-241"
},
{
"db": "NVD",
"id": "CVE-2021-37317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-37317"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-241"
},
{
"db": "NVD",
"id": "CVE-2021-37317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37317"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-241"
},
{
"date": "2023-02-03T18:15:12.513000",
"db": "NVD",
"id": "CVE-2021-37317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37317"
},
{
"date": "2023-09-13T01:15:00",
"db": "JVNDB",
"id": "JVNDB-2021-020123"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-241"
},
{
"date": "2025-03-26T19:15:16.220000",
"db": "NVD",
"id": "CVE-2021-37317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-241"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS\u00a0RT-AC68U\u00a0 Path traversal vulnerability in router firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020123"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-241"
}
],
"trust": 0.6
}
}
VAR-202203-1868
Vulnerability from variot - Updated: 2024-11-23 23:03ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). ASUSTeK Computer Inc. ASUS AC68U is a router from China ASUS (ASUS). The vulnerability is caused by incorrect validation of data boundaries when performing operations on memory in blocking.cgi
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1868",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.385.20852"
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 0.8,
"vendor": "asustek computer",
"version": "rt-ac68u firmware 3.0.0.4.385.20852 and earlier"
},
{
"model": "ac68u",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.385.20852"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"db": "NVD",
"id": "CVE-2021-45757"
}
]
},
"cve": "CVE-2021-45757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-45757",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-31524",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45757",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-45757",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45757",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45757",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-31524",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2028",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2028"
},
{
"db": "NVD",
"id": "CVE-2021-45757"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS AC68U \u003c=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). ASUSTeK Computer Inc. ASUS AC68U is a router from China ASUS (ASUS). The vulnerability is caused by incorrect validation of data boundaries when performing operations on memory in blocking.cgi",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45757"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"db": "CNVD",
"id": "CNVD-2022-31524"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45757",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019012",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-31524",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2028",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2028"
},
{
"db": "NVD",
"id": "CVE-2021-45757"
}
]
},
"id": "VAR-202203-1868",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31524"
}
],
"trust": 1.23165305
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31524"
}
]
},
"last_update_date": "2024-11-23T23:03:54.197000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"db": "NVD",
"id": "CVE-2021-45757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://asus.com"
},
{
"trust": 2.4,
"url": "https://github.com/ibuili/asus"
},
{
"trust": 1.6,
"url": "http://ac68u.com"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45757"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-45757/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2028"
},
{
"db": "NVD",
"id": "CVE-2021-45757"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-31524"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2028"
},
{
"db": "NVD",
"id": "CVE-2021-45757"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-31524"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"date": "2022-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2028"
},
{
"date": "2022-03-23T11:15:08.203000",
"db": "NVD",
"id": "CVE-2021-45757"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-31524"
},
{
"date": "2023-07-13T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-019012"
},
{
"date": "2022-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2028"
},
{
"date": "2024-11-21T06:33:00.730000",
"db": "NVD",
"id": "CVE-2021-45757"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSTeK\u00a0Computer\u00a0Inc.\u00a0 of \u00a0RT-AC68U\u00a0 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2028"
}
],
"trust": 0.6
}
}
VAR-201805-0312
Vulnerability from variot - Updated: 2024-11-23 22:52Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability (CWE-79). Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0312",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac87u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.378.9383"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware version prior to 3.0.0.4.378.9383"
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.378.9383"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.378.3754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-429"
},
{
"db": "NVD",
"id": "CVE-2018-0581"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac87u",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
}
]
},
"cve": "CVE-2018-0581",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0581",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000042",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-09580",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-118783",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0581",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000042",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0581",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000042",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-09580",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118783",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"db": "VULHUB",
"id": "VHN-118783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-429"
},
{
"db": "NVD",
"id": "CVE-2018-0581"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability (CWE-79). Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0581"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"db": "VULHUB",
"id": "VHN-118783"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN33901663",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-0581",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09580",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-429",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118783",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"db": "VULHUB",
"id": "VHN-118783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-429"
},
{
"db": "NVD",
"id": "CVE-2018-0581"
}
]
},
"id": "VAR-201805-0312",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"db": "VULHUB",
"id": "VHN-118783"
}
],
"trust": 1.271824
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09580"
}
]
},
"last_update_date": "2024-11-23T22:52:05.602000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AC87U BIOS \u0026 FIRMWARE",
"trust": 0.8,
"url": "https://www.asus.com/en/Networking/RTAC87U/HelpDesk_BIOS/"
},
{
"title": "Patch for ASUSRT-AC68U Cross-Site Scripting Vulnerability (CNVD-2018-09580)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/129243"
},
{
"title": "ASUS RT-AC68U Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80045"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"db": "NVD",
"id": "CVE-2018-0581"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn33901663/index.html"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking/rtac87u/helpdesk_bios/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0581"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0581"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"db": "VULHUB",
"id": "VHN-118783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-429"
},
{
"db": "NVD",
"id": "CVE-2018-0581"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"db": "VULHUB",
"id": "VHN-118783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-429"
},
{
"db": "NVD",
"id": "CVE-2018-0581"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-118783"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"date": "2018-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-429"
},
{
"date": "2018-05-14T13:29:01.790000",
"db": "NVD",
"id": "CVE-2018-0581"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09580"
},
{
"date": "2018-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-118783"
},
{
"date": "2018-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000042"
},
{
"date": "2018-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-429"
},
{
"date": "2024-11-21T03:38:31.450000",
"db": "NVD",
"id": "CVE-2018-0581"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-429"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RT-AC87U vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000042"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-429"
}
],
"trust": 0.6
}
}
VAR-201909-1387
Vulnerability from variot - Updated: 2024-11-23 22:51An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak. ASUSWRT Contains a classic buffer overflow vulnerability.Information may be obtained. ASUS Asuswrt-Merlin is a firmware that runs in its router from Taiwan's ASUS Corporation (ASUS).
ASUS Asuswrt-Merlin 3.0.0.4.384.20308 version of the wanduck.c file ‘parse_req_queries’ function has a buffer overflow vulnerability. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt-merlin",
"scope": "eq",
"trust": 2.2,
"vendor": "asus",
"version": "3.0.0.4.384.20308"
},
{
"model": "asuswrt-merlin",
"scope": "eq",
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.384.20308"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-804"
},
{
"db": "NVD",
"id": "CVE-2018-20336"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:asuswrt-merlin",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
}
]
},
"cve": "CVE-2018-20336",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20336",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19212",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-131132",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20336",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-20336",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20336",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-20336",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19212",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-804",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-131132",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-20336",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"db": "VULHUB",
"id": "VHN-131132"
},
{
"db": "VULMON",
"id": "CVE-2018-20336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-804"
},
{
"db": "NVD",
"id": "CVE-2018-20336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak. ASUSWRT Contains a classic buffer overflow vulnerability.Information may be obtained. ASUS Asuswrt-Merlin is a firmware that runs in its router from Taiwan\u0027s ASUS Corporation (ASUS). \n\r\n\r\nASUS Asuswrt-Merlin 3.0.0.4.384.20308 version of the wanduck.c file \u2018parse_req_queries\u2019 function has a buffer overflow vulnerability. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"db": "VULHUB",
"id": "VHN-131132"
},
{
"db": "VULMON",
"id": "CVE-2018-20336"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20336",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-804",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-19212",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-131132",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-20336",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"db": "VULHUB",
"id": "VHN-131132"
},
{
"db": "VULMON",
"id": "CVE-2018-20336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-804"
},
{
"db": "NVD",
"id": "CVE-2018-20336"
}
]
},
"id": "VAR-201909-1387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"db": "VULHUB",
"id": "VHN-131132"
}
],
"trust": 1.28278895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19212"
}
]
},
"last_update_date": "2024-11-23T22:51:39.243000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asuswrt-merlin.net/"
},
{
"title": "Patch for ASUS Asuswrt-Merlin buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/210721"
},
{
"title": "ASUS Asuswrt-Merlin Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98337"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-804"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"db": "NVD",
"id": "CVE-2018-20336"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.asus.com/networking/rt-ac1200g-plus/helpdesk_bios/"
},
{
"trust": 2.6,
"url": "https://starlabs.sg/advisories/18-20336/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20336"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20336"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"db": "VULHUB",
"id": "VHN-131132"
},
{
"db": "VULMON",
"id": "CVE-2018-20336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-804"
},
{
"db": "NVD",
"id": "CVE-2018-20336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"db": "VULHUB",
"id": "VHN-131132"
},
{
"db": "VULMON",
"id": "CVE-2018-20336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-804"
},
{
"db": "NVD",
"id": "CVE-2018-20336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-131132"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20336"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"date": "2019-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-804"
},
{
"date": "2019-09-17T16:15:10.747000",
"db": "NVD",
"id": "CVE-2018-20336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19212"
},
{
"date": "2019-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-131132"
},
{
"date": "2019-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20336"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016073"
},
{
"date": "2019-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-804"
},
{
"date": "2024-11-21T04:01:15.807000",
"db": "NVD",
"id": "CVE-2018-20336"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-804"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSWRT Vulnerable to classic buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016073"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-804"
}
],
"trust": 0.6
}
}
VAR-202104-1666
Vulnerability from variot - Updated: 2024-11-23 22:47In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-1666",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac85u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1750 b1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac5300",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac66u b1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68p",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac3100",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac1900u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "zenwifi ax \\",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68w",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac1900p",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac2900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac85u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68rw",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1750 b1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac66u b1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac65u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68r",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68p",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac3100",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68w",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac5300",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1900p",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac2900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68rw",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68r",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "zenwifi ax \\",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac65u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac1900u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"cve": "CVE-2021-3128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-3128",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-3128",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3128",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-652",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-3128",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware \u003c 3.0.0.4.386.42095 or \u003c 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP\u0027s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3128"
},
{
"db": "VULMON",
"id": "CVE-2021-3128"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3128",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-3128",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"id": "VAR-202104-1666",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5126495055
},
"last_update_date": "2024-11-23T22:47:39.136000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUS router Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147226"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-834",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac3100/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax55/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac1900p/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax88u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68rw/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac65u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8-/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax82u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac2900/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac1900u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac1900/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax86u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac58u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax58u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac86u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac1750_b1/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax3000/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ac66u-b1/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax68u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac88u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax56u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac5300/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68w/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68p/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68r/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac85u/helpdesk_download/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3128"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/834.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"date": "2021-04-12T19:15:14.830000",
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"date": "2021-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"date": "2024-11-21T06:20:56.883000",
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AX3000 Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
}
],
"trust": 0.6
}
}
VAR-202203-1484
Vulnerability from variot - Updated: 2024-11-23 22:15Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. ASUSTeK Computer Inc. of RT-AC68U firmware and RT-AC5300 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ASUS RT-AC68U and ASUS RT-AC5300 are both routers from the Chinese company ASUS (ASUS).
Asus RT-AC68U versions prior to 3.0.0.4.385.20633 and RT-AC5300 versions prior to 3.0.0.4.384.82072 have a command injection vulnerability. The vulnerability stems from the fact that when performing operations on memory in blocking_request.cgi, the data boundary is not properly verified. Exploiting this vulnerability leads to arbitrary command execution
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1484",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.385.20633"
},
{
"model": "rt-ac5300",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.384.82072"
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31523"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"db": "NVD",
"id": "CVE-2021-45756"
}
]
},
"cve": "CVE-2021-45756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-45756",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-31523",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45756",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45756",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45756",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-45756",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-31523",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2029",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31523"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2029"
},
{
"db": "NVD",
"id": "CVE-2021-45756"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asus RT-AC68U \u003c3.0.0.4.385.20633 and RT-AC5300 \u003c3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. ASUSTeK Computer Inc. of RT-AC68U firmware and RT-AC5300 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ASUS RT-AC68U and ASUS RT-AC5300 are both routers from the Chinese company ASUS (ASUS). \n\r\n\r\nAsus RT-AC68U versions prior to 3.0.0.4.385.20633 and RT-AC5300 versions prior to 3.0.0.4.384.82072 have a command injection vulnerability. The vulnerability stems from the fact that when performing operations on memory in blocking_request.cgi, the data boundary is not properly verified. Exploiting this vulnerability leads to arbitrary command execution",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45756"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"db": "CNVD",
"id": "CNVD-2022-31523"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45756",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019013",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-31523",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2029",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31523"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2029"
},
{
"db": "NVD",
"id": "CVE-2021-45756"
}
]
},
"id": "VAR-202203-1484",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31523"
}
],
"trust": 1.203074
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31523"
}
]
},
"last_update_date": "2024-11-23T22:15:50.892000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"db": "NVD",
"id": "CVE-2021-45756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://asus.com"
},
{
"trust": 2.4,
"url": "https://github.com/ibuili/asus"
},
{
"trust": 1.6,
"url": "http://rt-ac68u.com"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-45756/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-31523"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2029"
},
{
"db": "NVD",
"id": "CVE-2021-45756"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-31523"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2029"
},
{
"db": "NVD",
"id": "CVE-2021-45756"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-31523"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"date": "2022-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2029"
},
{
"date": "2022-03-23T11:15:08.087000",
"db": "NVD",
"id": "CVE-2021-45756"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-31523"
},
{
"date": "2023-07-13T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-019013"
},
{
"date": "2022-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2029"
},
{
"date": "2024-11-21T06:33:00.580000",
"db": "NVD",
"id": "CVE-2021-45756"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSTeK\u00a0Computer\u00a0Inc.\u00a0 of \u00a0RT-AC68U\u00a0 firmware and \u00a0RT-AC5300\u00a0 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019013"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2029"
}
],
"trust": 0.6
}
}
VAR-201804-1341
Vulnerability from variot - Updated: 2024-11-23 22:06Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. plural ASUS The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS RT-AC66U, etc. are all wireless router products of ASUS. Attackers can use the percent and desktOP fields of the System Cmd variable to inject this vulnerability and execute operating system commands with higher authority. The following products and versions are affected: ASUS RT-AC66U; RT-AC68U; RT-AC86U; RT-AC88U; RT-AC1900; .382.39935 prior; RT-AC87U and RT-AC3200 prior to 3.0.0.4.382.50010; RT-AC5300 prior to 3.0.0.4.384.20287
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n18u",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.382.39935"
},
{
"model": "rt-ac87u",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.382.50010"
},
{
"model": "rt-ac3200",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.382.50010"
},
{
"model": "rt-ac5300",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.384.20287"
},
{
"model": "rt-ac86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac2900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac3100",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac1900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac66u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac1900",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac2900",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac86u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac87u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac86u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1900",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac2900",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100 \u003c3.0.0.4.384 10007",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.246"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.354"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374.5047"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374_4887"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.140"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374.4755"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.220"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.270"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374_4561"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac1900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac2900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac5300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac86u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac87u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac88u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n18u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "b1ack0wl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
}
],
"trust": 0.6
},
"cve": "CVE-2018-9285",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-9285",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-63980",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-139317",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-9285",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-9285",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-9285",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-63980",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-298",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-139317",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-9285",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. plural ASUS The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS RT-AC66U, etc. are all wireless router products of ASUS. Attackers can use the percent and desktOP fields of the System Cmd variable to inject this vulnerability and execute operating system commands with higher authority. The following products and versions are affected: ASUS RT-AC66U; RT-AC68U; RT-AC86U; RT-AC88U; RT-AC1900; .382.39935 prior; RT-AC87U and RT-AC3200 prior to 3.0.0.4.382.50010; RT-AC5300 prior to 3.0.0.4.384.20287",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-139317",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139317"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9285",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "160049",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-63980",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298",
"trust": 0.7
},
{
"db": "CXSECURITY",
"id": "WLB-2020110103",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-139317",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-9285",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"id": "VAR-201804-1341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
}
],
"trust": 1.297841215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
}
]
},
"last_update_date": "2024-11-23T22:06:52.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asus.com/sg/"
},
{
"title": "Patch for ASUS TM-AC1900 arbitrary command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/240217"
},
{
"title": "Multiple ASUS Product operating system command injection vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83120"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/160049/asus-tm-ac1900-arbitrary-command-execution.html"
},
{
"trust": 2.6,
"url": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html"
},
{
"trust": 1.8,
"url": "https://fortiguard.com/zeroday/fg-vd-17-216"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9285"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9285"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020110103"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"date": "2018-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-139317"
},
{
"date": "2018-04-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"date": "2018-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"date": "2018-04-04T19:29:00.687000",
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-139317"
},
{
"date": "2020-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"date": "2020-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"date": "2024-11-21T04:15:17.713000",
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS In product OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
}
],
"trust": 0.6
}
}
VAR-201805-0313
Vulnerability from variot - Updated: 2024-11-23 21:38Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability (CWE-79). Yuto MAEDA of University of Tsukuba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.380.1031"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware version prior to 3.0.0.4.380.1031"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374_4983"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.376.3715"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374.5047"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374_4887"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374.4755"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374_4561"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
},
{
"db": "NVD",
"id": "CVE-2018-0582"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
}
]
},
"cve": "CVE-2018-0582",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0582",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000044",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-10710",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-118784",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0582",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000044",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0582",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000044",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-10710",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-428",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118784",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "VULHUB",
"id": "VHN-118784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
},
{
"db": "NVD",
"id": "CVE-2018-0582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability (CWE-79). Yuto MAEDA of University of Tsukuba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0582"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "VULHUB",
"id": "VHN-118784"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN73742314",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-0582",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-428",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-10710",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118784",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "VULHUB",
"id": "VHN-118784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
},
{
"db": "NVD",
"id": "CVE-2018-0582"
}
]
},
"id": "VAR-201805-0313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "VULHUB",
"id": "VHN-118784"
}
],
"trust": 1.2603147
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
}
]
},
"last_update_date": "2024-11-23T21:38:58.316000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AC68U BIOS \u0026 FIRMWARE",
"trust": 0.8,
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
},
{
"title": "Patch for ASUSRT-AC68U Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/130719"
},
{
"title": "ASUS RT-AC68U Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80044"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"db": "NVD",
"id": "CVE-2018-0582"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn73742314/index.html"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking/rtac68u/helpdesk_bios/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0582"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0582"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "VULHUB",
"id": "VHN-118784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
},
{
"db": "NVD",
"id": "CVE-2018-0582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "VULHUB",
"id": "VHN-118784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
},
{
"db": "NVD",
"id": "CVE-2018-0582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-118784"
},
{
"date": "2018-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"date": "2018-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-428"
},
{
"date": "2018-05-14T13:29:01.960000",
"db": "NVD",
"id": "CVE-2018-0582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-118784"
},
{
"date": "2018-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000044"
},
{
"date": "2018-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-428"
},
{
"date": "2024-11-21T03:38:31.577000",
"db": "NVD",
"id": "CVE-2018-0582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AC68U Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10710"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-428"
}
],
"trust": 0.6
}
}
VAR-202207-0160
Vulnerability from variot - Updated: 2024-08-14 15:27ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zenwifi xd4s",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ac mini",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac58u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax86u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-acrh13",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12vp b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2400",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi pro et12",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac5300",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12e c1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac55u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68uf",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xd6",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1300g\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax82u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1300uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac85u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200g",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "tuf gaming ax3000 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac55uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1750 b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n14uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac3100",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi pro xt12",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac51u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi et8",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax92u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax58u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax55",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac3200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xt9",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ac5300",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1750",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax3000",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ax11000",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax89x",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xd5",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax hybrid",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac52u b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12\\+ b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200g\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax mini",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac85p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n19",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200gu",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac51u\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax88u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac65p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "4g-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ac",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac57u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n18u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac86u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "4g-ac53u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2600",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac87r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-acrh17",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "tuf gaming ax5400",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12e b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ac2900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200hp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac88u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66c1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-a88u 3.0.0.4.386 45898",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"cve": "CVE-2021-43702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-43702",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-58229",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2021-43702",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43702",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-58229",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-389",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-43702",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43702"
},
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43702",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2022-58229",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43702",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"id": "VAR-202207-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
}
],
"trust": 1.2372652696875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
}
]
},
"last_update_date": "2024-08-14T15:27:14.485000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for ASUS RT-A88U Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/345646"
},
{
"title": "ASUS RT-A88U Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200692"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
},
{
"trust": 1.7,
"url": "https://www.asus.com/uk/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ac88u/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-43702/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"date": "2022-07-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"date": "2022-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"date": "2022-07-05T12:15:07.830000",
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"date": "2022-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"date": "2022-07-18T15:27:57.557000",
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-A88U Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 0.6
}
}
VAR-201401-0754
Vulnerability from variot - Updated: 2022-05-17 02:09Multiple ASUS RT routers are prone to an unspecified security bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions on the affected application. This may aid in further attacks. ASUS RT-AC68U, RT-AC56U, RT-AC66U, RT-N66U, RT-N16 are vulnerable.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0754",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "65558"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyle Lovett",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ASUS RT routers are prone to an unspecified security bypass vulnerability.\nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions on the affected application. This may aid in further attacks.\nASUS RT-AC68U, RT-AC56U, RT-AC66U, RT-N66U, RT-N16 are vulnerable.",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "65558",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "65558"
}
]
},
"id": "VAR-201401-0754",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.539766506
},
"last_update_date": "2022-05-17T02:09:50.265000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "https://www.asus.com/networking/rtac68u/#support"
},
{
"trust": 0.3,
"url": "https://www.asus.com/"
}
],
"sources": [
{
"db": "BID",
"id": "65558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "65558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-06T00:00:00",
"db": "BID",
"id": "65558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-06T00:00:00",
"db": "BID",
"id": "65558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ASUS RT Routers Remote Security Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
}
}
VAR-201403-0712
Vulnerability from variot - Updated: 2022-05-17 01:51ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. An attacker could leverage this issue to bypass the authentication mechanism and obtain sensitive information. The following products running firmware version 3.0.0.4.374.x are vulnerable: RT-AC68U Dual-band Wireless-AC1900 Gigabit Router RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router RT-N66R Dual-Band Wireless-N900 Gigabit Router RT-N66U Dual-Band Wireless-N900 Gigabit Router RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router RT-N56R Dual-Band Wireless-AC1200 Gigabit Router RT-N56U Dual-Band Wireless-AC1200 Gigabit Router RT-N14U Wireless-N300 Cloud Router RT-N14UHP Wireless-N300 Cloud Router RT-N16 Wireless-N300 Gigabit Router RT-N16R Wireless-N300 Gigabit Router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac56u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n14u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16 router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56r router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66r router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66r router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n14uhp router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16r router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u wireless router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n14uhp",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kyle Lovett",
"sources": [
{
"db": "BID",
"id": "65861"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01390",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-01390",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. \nAn attacker could leverage this issue to bypass the authentication mechanism and obtain sensitive information. \nThe following products running firmware version 3.0.0.4.374.x are vulnerable:\nRT-AC68U Dual-band Wireless-AC1900 Gigabit Router\nRT-AC66R Dual-Band Wireless-AC1750 Gigabit Router\nRT-AC66U Dual-Band Wireless-AC1750 Gigabit Router\nRT-N66R Dual-Band Wireless-N900 Gigabit Router\nRT-N66U Dual-Band Wireless-N900 Gigabit Router\nRT-AC56U Dual-Band Wireless-AC1200 Gigabit Router\nRT-N56R Dual-Band Wireless-AC1200 Gigabit Router\nRT-N56U Dual-Band Wireless-AC1200 Gigabit Router\nRT-N14U Wireless-N300 Cloud Router\nRT-N14UHP Wireless-N300 Cloud Router\nRT-N16 Wireless-N300 Gigabit Router\nRT-N16R Wireless-N300 Gigabit Router",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "65861",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "56905",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-01390",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
]
},
"id": "VAR-201403-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
],
"trust": 1.411373705909091
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
]
},
"last_update_date": "2022-05-17T01:51:10.409000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for multiple ASUS routers \u0027smb.xml\u0027 authentication bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43991"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56905/"
},
{
"trust": 0.3,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0032.html"
},
{
"trust": 0.3,
"url": "http://www.asus.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"date": "2014-02-08T00:00:00",
"db": "BID",
"id": "65861"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"date": "2014-02-08T00:00:00",
"db": "BID",
"id": "65861"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "65861"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ASUS Router \u0027smb.xml\u0027 Authentication Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "65861"
}
],
"trust": 0.3
}
}
CVE-2024-3080 (GCVE-0-2024-3080)
Vulnerability from nvd – Published: 2024-06-14 02:57 – Updated: 2024-08-01 19:32
VLAI
Title
ASUS Router - Improper Authentication
Summary
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7859-0e104-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html | third-party-advisory |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | ZenWiFi XT8 |
Affected:
earlier , ≤ 3.0.0.4.388_24609
(custom)
|
|
| ASUS | ZenWiFi XT8 V2 |
Affected:
earlier , ≤ 3.0.0.4.388_24609
(custom)
|
|
| ASUS | RT-AX88U |
Affected:
earlier , ≤ 3.0.0.4.388_24198
(custom)
|
|
| ASUS | RT-AX58U |
Affected:
earlier , ≤ 3.0.0.4.388_23925
(custom)
|
|
| ASUS | RT-AX57 |
Affected:
earlier , ≤ 3.0.0.4.386_52294
(custom)
|
|
| ASUS | RT-AC86U |
Affected:
earlier , ≤ 3.0.0.4.386_51915
(custom)
|
|
| ASUS | RT-AC68U |
Affected:
earlier , ≤ 3.0.0.4.386_51668
(custom)
|
|
| asus | rt-ax58u_firmware |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ax88u_firmware |
Affected:
0 , < 3.0.0.4.388_24209
(custom)
cpe:2.3:o:asus:rt-ax88u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ax57_firmware |
Affected:
0 , < 3.0.0.4.386_52294
(custom)
cpe:2.3:o:asus:rt-ax57_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ac86u_firmware |
Affected:
0 , < 3.0.0.4.386_51915
(custom)
cpe:2.3:o:asus:rt-ac86u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ac68u_firmware |
Affected:
0 , < 3.0.0.4.386_51668
(custom)
cpe:2.3:o:asus:rt-ac68u_firmware:-:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8_firmware |
Affected:
0 , < 3.0.0.4.388_24609
(custom)
cpe:2.3:o:asus:zenwifi_xt8_firmware:-:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8_v2_firmware |
Affected:
0 , < 3.0.0.4.388_24609
(custom)
cpe:2.3:o:asus:zenwifi_xt8_v2_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-06-14 02:46
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax58u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ax88u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax88u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ax57_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax57_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_52294",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ac86u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac86u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51915",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ac68u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51668",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:zenwifi_xt8_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24609",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:zenwifi_xt8_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8_v2_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24609",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T03:55:18.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7859-0e104-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZenWiFi XT8",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24609",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ZenWiFi XT8 V2",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24609",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX88U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24198",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_23925",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX57",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_52294",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC86U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_51915",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_51668",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-14T02:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device."
}
],
"value": "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T02:59:53.642Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7859-0e104-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html"
}
],
"source": {
"advisory": "TVN-202406003",
"discovery": "EXTERNAL"
},
"title": "ASUS Router - Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-3080",
"datePublished": "2024-06-14T02:57:27.002Z",
"dateReserved": "2024-03-29T07:18:06.343Z",
"dateUpdated": "2024-08-01T19:32:42.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3079 (GCVE-0-2024-3079)
Vulnerability from nvd – Published: 2024-06-14 02:32 – Updated: 2024-08-01 19:32
VLAI
Title
ASUS Router - Stack-based Buffer Overflow
Summary
Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7857-5726f-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html | third-party-advisory |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | ZenWiFi XT8 |
Affected:
earlier , ≤ 3.0.0.4.388_24609
(custom)
|
|
| ASUS | ZenWiFi XT8 V2 |
Affected:
earlier , ≤ 3.0.0.4.388_24609
(custom)
|
|
| ASUS | RT-AX88U |
Affected:
earlier , ≤ 3.0.0.4.388_24198
(custom)
|
|
| ASUS | RT-AX58U |
Affected:
earlier , ≤ 3.0.0.4.388_23925
(custom)
|
|
| ASUS | RT-AX57 |
Affected:
earlier , ≤ 3.0.0.4.386_52294
(custom)
|
|
| ASUS | RT-AC86U |
Affected:
earlier , ≤ 3.0.0.4.386_51915
(custom)
|
|
| ASUS | RT-AC68U |
Affected:
earlier , ≤ 3.0.0.4.386_51668
(custom)
|
|
| asus | rt-ax58u_firmware |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ax88u_firmware |
Affected:
0 , < 3.0.0.4.388_24209
(custom)
cpe:2.3:o:asus:rt-ax88u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ax57_firmware |
Affected:
0 , < 3.0.0.4.386_52294
(custom)
cpe:2.3:o:asus:rt-ax57_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ac86u_firmware |
Affected:
0 , < 3.0.0.4.386_51915
(custom)
cpe:2.3:o:asus:rt-ac86u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ac68u_firmware |
Affected:
0 , < 3.0.0.4.386_51668
(custom)
cpe:2.3:o:asus:rt-ac68u_firmware:-:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8_firmware |
Affected:
0 , < 3.0.0.4.388_24609
(custom)
cpe:2.3:o:asus:zenwifi_xt8_firmware:-:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8_v2_firmware |
Affected:
0 , < 3.0.0.4.388_24609
(custom)
cpe:2.3:o:asus:zenwifi_xt8_v2_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-06-14 02:22
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax58u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ax88u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax88u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ax57_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax57_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_52294",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ac86u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac86u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51915",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ac68u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51668",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:zenwifi_xt8_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24609",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:zenwifi_xt8_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8_v2_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24609",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T03:55:20.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7857-5726f-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZenWiFi XT8",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24609",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ZenWiFi XT8 V2",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24609",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX88U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24198",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_23925",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX57",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_52294",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC86U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_51915",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_51668",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-14T02:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device."
}
],
"value": "Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T02:59:31.013Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7857-5726f-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate ZenWiFi XT8 to version 3.0.0.4.388_24621 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate ZenWiFi XT8 V2 to version 3.0.0.4.388_24621 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AX88U to version 3.0.0.4.388_24209 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AX58U to version 3.0.0.4.388_24762 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AX57 to version 3.0.0.4.386_52303 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AC86U to version 3.0.0.4.386_51925 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AC68U to version 3.0.0.4.386_51685 or later\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update ZenWiFi XT8 to version 3.0.0.4.388_24621 or later\nUpdate ZenWiFi XT8 V2 to version 3.0.0.4.388_24621 or later\nUpdate RT-AX88U to version 3.0.0.4.388_24209 or later\nUpdate RT-AX58U to version 3.0.0.4.388_24762 or later\nUpdate RT-AX57 to version 3.0.0.4.386_52303 or later\nUpdate RT-AC86U to version 3.0.0.4.386_51925 or later\nUpdate RT-AC68U to version 3.0.0.4.386_51685 or later"
}
],
"source": {
"advisory": "TVN-202406002",
"discovery": "EXTERNAL"
},
"title": "ASUS Router - Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-3079",
"datePublished": "2024-06-14T02:32:21.718Z",
"dateReserved": "2024-03-29T07:18:04.796Z",
"dateUpdated": "2024-08-01T19:32:42.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0401 (GCVE-0-2024-0401)
Vulnerability from nvd – Published: 2024-05-20 16:55 – Updated: 2025-11-22 12:25
VLAI
Title
ASUS OVPN RCE
Summary
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://vulncheck.com/advisories/asus-ovpn-rce | third-party-advisory |
Impacted products
25 products
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | ExpertWiFi |
Affected:
0 , < 3.0.0.6.102_44544
(custom)
|
|
| ASUS | RT-AX55 |
Affected:
0 , < 3.0.0.4.386_52303
(custom)
|
|
| ASUS | RT-AX58U |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
|
|
| ASUS | RT-AC67U |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
|
|
| ASUS | RT-AC68R |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
|
|
| ASUS | RT-AC68U |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
|
|
| ASUS | RT-AX86 Series |
Affected:
0 , < 3.0.0.4.388_24243
(custom)
|
|
| ASUS | RT-AC86U |
Affected:
0 , < 3.0.0.4.386_51925
(custom)
|
|
| ASUS | RT-AX88U |
Affected:
0 , < 3.0.0.4.388_24209
(custom)
|
|
| ASUS | RT-AX3000 |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
|
|
| asus | rt-ax58u |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
cpe:2.3:h:asus:rt-ax58u:0:*:*:*:*:*:*:* |
|
| asus | rt-ac67u |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac67u:0:*:*:*:*:*:*:* |
|
| asus | rt-ac68r |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac68r:0:*:*:*:*:*:*:* |
|
| asus | expertwifi |
Affected:
0 , < 3.0.0.6.102_44544
(custom)
cpe:2.3:a:asus:expertwifi:0:*:*:*:*:*:*:* |
|
| asus | rt-ax55 |
Affected:
0 , < 3.0.0.4.386_52303
(custom)
cpe:2.3:h:asus:rt-ax55:0:*:*:*:*:*:*:* |
|
| asus | rt-ac68u |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac68u:0:*:*:*:*:*:*:* |
|
| asus | rt-ax86_series |
Affected:
0 , < 3.0.0.4.388_24243
(custom)
cpe:2.3:h:asus:rt-ax86_series:0:*:*:*:*:*:*:* |
|
| asus | rt-ac86u |
Affected:
0 , < 3.0.0.4.386_51925
(custom)
cpe:2.3:h:asus:rt-ac86u:0:*:*:*:*:*:*:* |
|
| asus | rt-ac88u |
Affected:
0 , < 3.0.0.4.388_24209
(custom)
cpe:2.3:h:asus:rt-ac88u:0:*:*:*:*:*:*:* |
|
| asus | rt-ax3000 |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
cpe:2.3:h:asus:rt-ax3000:0:*:*:*:*:*:*:* |
|
| asus | rt-ac68p |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac68p:0:*:*:*:*:*:*:* |
|
| asus | rt-ac1900 |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac1900:0:*:*:*:*:*:*:* |
|
| asus | rt-ac1900u |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac1900u:0:*:*:*:*:*:*:* |
|
| asus | rt-ac2900 |
Affected:
0 , < 3.0.0.4.386_51925
(custom)
cpe:2.3:h:asus:rt-ac2900:0:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8 |
Affected:
0 , < 3.0.0.4.388_24621
(custom)
cpe:2.3:h:asus:zenwifi_xt8:0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:asus:rt-ax58u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax58u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac67u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac67u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68r:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68r",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:asus:expertwifi:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "expertwifi",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.6.102_44544",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax55:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax55",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_52303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax86_series:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax86_series",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24243",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac86u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac86u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac88u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac88u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax3000:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax3000",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68p:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68p",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac1900:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac1900",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac1900u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac1900u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac2900:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac2900",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:zenwifi_xt8:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24621",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:51:52.209755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:40.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/asus-ovpn-rce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExpertWiFi",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.6.102_44544",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX55",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_52303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC67U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68R",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX86 Series",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24243",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC86U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX88U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX3000",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax55:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_52303",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24762",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:4g-ac68u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac68r:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51925",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24209",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24762",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T12:25:40.045Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/asus-ovpn-rce"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply the vendor provided firmware update.\u003cbr\u003e"
}
],
"value": "Apply the vendor provided firmware update."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ASUS OVPN RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0401",
"datePublished": "2024-05-20T16:55:18.891Z",
"dateReserved": "2024-01-10T15:27:41.121Z",
"dateUpdated": "2025-11-22T12:25:40.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-7270 (GCVE-0-2014-7270)
Vulnerability from nvd – Published: 2015-02-01 15:00 – Updated: 2024-08-06 12:47
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN32631078/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012 | third-party-advisoryx_refsource_JVNDB |
| http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR | x_refsource_CONFIRM |
Date Public
2015-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32631078",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN32631078/index.html"
},
{
"name": "JVNDB-2015-000012",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-01T15:57:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32631078",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN32631078/index.html"
},
{
"name": "JVNDB-2015-000012",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32631078",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN32631078/index.html"
},
{
"name": "JVNDB-2015-000012",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
},
{
"name": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
"refsource": "CONFIRM",
"url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-7270",
"datePublished": "2015-02-01T15:00:00.000Z",
"dateReserved": "2014-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:47:32.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3080 (GCVE-0-2024-3080)
Vulnerability from cvelistv5 – Published: 2024-06-14 02:57 – Updated: 2024-08-01 19:32
VLAI
Title
ASUS Router - Improper Authentication
Summary
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7859-0e104-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html | third-party-advisory |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | ZenWiFi XT8 |
Affected:
earlier , ≤ 3.0.0.4.388_24609
(custom)
|
|
| ASUS | ZenWiFi XT8 V2 |
Affected:
earlier , ≤ 3.0.0.4.388_24609
(custom)
|
|
| ASUS | RT-AX88U |
Affected:
earlier , ≤ 3.0.0.4.388_24198
(custom)
|
|
| ASUS | RT-AX58U |
Affected:
earlier , ≤ 3.0.0.4.388_23925
(custom)
|
|
| ASUS | RT-AX57 |
Affected:
earlier , ≤ 3.0.0.4.386_52294
(custom)
|
|
| ASUS | RT-AC86U |
Affected:
earlier , ≤ 3.0.0.4.386_51915
(custom)
|
|
| ASUS | RT-AC68U |
Affected:
earlier , ≤ 3.0.0.4.386_51668
(custom)
|
|
| asus | rt-ax58u_firmware |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ax88u_firmware |
Affected:
0 , < 3.0.0.4.388_24209
(custom)
cpe:2.3:o:asus:rt-ax88u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ax57_firmware |
Affected:
0 , < 3.0.0.4.386_52294
(custom)
cpe:2.3:o:asus:rt-ax57_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ac86u_firmware |
Affected:
0 , < 3.0.0.4.386_51915
(custom)
cpe:2.3:o:asus:rt-ac86u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ac68u_firmware |
Affected:
0 , < 3.0.0.4.386_51668
(custom)
cpe:2.3:o:asus:rt-ac68u_firmware:-:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8_firmware |
Affected:
0 , < 3.0.0.4.388_24609
(custom)
cpe:2.3:o:asus:zenwifi_xt8_firmware:-:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8_v2_firmware |
Affected:
0 , < 3.0.0.4.388_24609
(custom)
cpe:2.3:o:asus:zenwifi_xt8_v2_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-06-14 02:46
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax58u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ax88u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax88u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ax57_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax57_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_52294",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ac86u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac86u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51915",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ac68u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51668",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:zenwifi_xt8_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24609",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:zenwifi_xt8_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8_v2_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24609",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T03:55:18.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7859-0e104-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZenWiFi XT8",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24609",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ZenWiFi XT8 V2",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24609",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX88U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24198",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_23925",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX57",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_52294",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC86U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_51915",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_51668",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-14T02:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device."
}
],
"value": "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T02:59:53.642Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7859-0e104-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html"
}
],
"source": {
"advisory": "TVN-202406003",
"discovery": "EXTERNAL"
},
"title": "ASUS Router - Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-3080",
"datePublished": "2024-06-14T02:57:27.002Z",
"dateReserved": "2024-03-29T07:18:06.343Z",
"dateUpdated": "2024-08-01T19:32:42.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3079 (GCVE-0-2024-3079)
Vulnerability from cvelistv5 – Published: 2024-06-14 02:32 – Updated: 2024-08-01 19:32
VLAI
Title
ASUS Router - Stack-based Buffer Overflow
Summary
Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7857-5726f-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html | third-party-advisory |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | ZenWiFi XT8 |
Affected:
earlier , ≤ 3.0.0.4.388_24609
(custom)
|
|
| ASUS | ZenWiFi XT8 V2 |
Affected:
earlier , ≤ 3.0.0.4.388_24609
(custom)
|
|
| ASUS | RT-AX88U |
Affected:
earlier , ≤ 3.0.0.4.388_24198
(custom)
|
|
| ASUS | RT-AX58U |
Affected:
earlier , ≤ 3.0.0.4.388_23925
(custom)
|
|
| ASUS | RT-AX57 |
Affected:
earlier , ≤ 3.0.0.4.386_52294
(custom)
|
|
| ASUS | RT-AC86U |
Affected:
earlier , ≤ 3.0.0.4.386_51915
(custom)
|
|
| ASUS | RT-AC68U |
Affected:
earlier , ≤ 3.0.0.4.386_51668
(custom)
|
|
| asus | rt-ax58u_firmware |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ax88u_firmware |
Affected:
0 , < 3.0.0.4.388_24209
(custom)
cpe:2.3:o:asus:rt-ax88u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ax57_firmware |
Affected:
0 , < 3.0.0.4.386_52294
(custom)
cpe:2.3:o:asus:rt-ax57_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ac86u_firmware |
Affected:
0 , < 3.0.0.4.386_51915
(custom)
cpe:2.3:o:asus:rt-ac86u_firmware:-:*:*:*:*:*:*:* |
|
| asus | rt-ac68u_firmware |
Affected:
0 , < 3.0.0.4.386_51668
(custom)
cpe:2.3:o:asus:rt-ac68u_firmware:-:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8_firmware |
Affected:
0 , < 3.0.0.4.388_24609
(custom)
cpe:2.3:o:asus:zenwifi_xt8_firmware:-:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8_v2_firmware |
Affected:
0 , < 3.0.0.4.388_24609
(custom)
cpe:2.3:o:asus:zenwifi_xt8_v2_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-06-14 02:22
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax58u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ax88u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax88u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ax57_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax57_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_52294",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ac86u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac86u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51915",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:rt-ac68u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51668",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:zenwifi_xt8_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24609",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:zenwifi_xt8_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8_v2_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24609",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T03:55:20.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7857-5726f-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZenWiFi XT8",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24609",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ZenWiFi XT8 V2",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24609",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX88U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_24198",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.388_23925",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX57",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_52294",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC86U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_51915",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68U",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.0.0.4.386_51668",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-14T02:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device."
}
],
"value": "Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T02:59:31.013Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7857-5726f-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate ZenWiFi XT8 to version 3.0.0.4.388_24621 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate ZenWiFi XT8 V2 to version 3.0.0.4.388_24621 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AX88U to version 3.0.0.4.388_24209 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AX58U to version 3.0.0.4.388_24762 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AX57 to version 3.0.0.4.386_52303 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AC86U to version 3.0.0.4.386_51925 or later\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate RT-AC68U to version 3.0.0.4.386_51685 or later\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update ZenWiFi XT8 to version 3.0.0.4.388_24621 or later\nUpdate ZenWiFi XT8 V2 to version 3.0.0.4.388_24621 or later\nUpdate RT-AX88U to version 3.0.0.4.388_24209 or later\nUpdate RT-AX58U to version 3.0.0.4.388_24762 or later\nUpdate RT-AX57 to version 3.0.0.4.386_52303 or later\nUpdate RT-AC86U to version 3.0.0.4.386_51925 or later\nUpdate RT-AC68U to version 3.0.0.4.386_51685 or later"
}
],
"source": {
"advisory": "TVN-202406002",
"discovery": "EXTERNAL"
},
"title": "ASUS Router - Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-3079",
"datePublished": "2024-06-14T02:32:21.718Z",
"dateReserved": "2024-03-29T07:18:04.796Z",
"dateUpdated": "2024-08-01T19:32:42.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0401 (GCVE-0-2024-0401)
Vulnerability from cvelistv5 – Published: 2024-05-20 16:55 – Updated: 2025-11-22 12:25
VLAI
Title
ASUS OVPN RCE
Summary
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://vulncheck.com/advisories/asus-ovpn-rce | third-party-advisory |
Impacted products
25 products
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | ExpertWiFi |
Affected:
0 , < 3.0.0.6.102_44544
(custom)
|
|
| ASUS | RT-AX55 |
Affected:
0 , < 3.0.0.4.386_52303
(custom)
|
|
| ASUS | RT-AX58U |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
|
|
| ASUS | RT-AC67U |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
|
|
| ASUS | RT-AC68R |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
|
|
| ASUS | RT-AC68U |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
|
|
| ASUS | RT-AX86 Series |
Affected:
0 , < 3.0.0.4.388_24243
(custom)
|
|
| ASUS | RT-AC86U |
Affected:
0 , < 3.0.0.4.386_51925
(custom)
|
|
| ASUS | RT-AX88U |
Affected:
0 , < 3.0.0.4.388_24209
(custom)
|
|
| ASUS | RT-AX3000 |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
|
|
| asus | rt-ax58u |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
cpe:2.3:h:asus:rt-ax58u:0:*:*:*:*:*:*:* |
|
| asus | rt-ac67u |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac67u:0:*:*:*:*:*:*:* |
|
| asus | rt-ac68r |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac68r:0:*:*:*:*:*:*:* |
|
| asus | expertwifi |
Affected:
0 , < 3.0.0.6.102_44544
(custom)
cpe:2.3:a:asus:expertwifi:0:*:*:*:*:*:*:* |
|
| asus | rt-ax55 |
Affected:
0 , < 3.0.0.4.386_52303
(custom)
cpe:2.3:h:asus:rt-ax55:0:*:*:*:*:*:*:* |
|
| asus | rt-ac68u |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac68u:0:*:*:*:*:*:*:* |
|
| asus | rt-ax86_series |
Affected:
0 , < 3.0.0.4.388_24243
(custom)
cpe:2.3:h:asus:rt-ax86_series:0:*:*:*:*:*:*:* |
|
| asus | rt-ac86u |
Affected:
0 , < 3.0.0.4.386_51925
(custom)
cpe:2.3:h:asus:rt-ac86u:0:*:*:*:*:*:*:* |
|
| asus | rt-ac88u |
Affected:
0 , < 3.0.0.4.388_24209
(custom)
cpe:2.3:h:asus:rt-ac88u:0:*:*:*:*:*:*:* |
|
| asus | rt-ax3000 |
Affected:
0 , < 3.0.0.4.388_24762
(custom)
cpe:2.3:h:asus:rt-ax3000:0:*:*:*:*:*:*:* |
|
| asus | rt-ac68p |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac68p:0:*:*:*:*:*:*:* |
|
| asus | rt-ac1900 |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac1900:0:*:*:*:*:*:*:* |
|
| asus | rt-ac1900u |
Affected:
0 , < 3.0.0.4.386_51685
(custom)
cpe:2.3:h:asus:rt-ac1900u:0:*:*:*:*:*:*:* |
|
| asus | rt-ac2900 |
Affected:
0 , < 3.0.0.4.386_51925
(custom)
cpe:2.3:h:asus:rt-ac2900:0:*:*:*:*:*:*:* |
|
| asus | zenwifi_xt8 |
Affected:
0 , < 3.0.0.4.388_24621
(custom)
cpe:2.3:h:asus:zenwifi_xt8:0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:asus:rt-ax58u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax58u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac67u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac67u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68r:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68r",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:asus:expertwifi:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "expertwifi",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.6.102_44544",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax55:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax55",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_52303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax86_series:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax86_series",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24243",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac86u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac86u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac88u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac88u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax3000:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax3000",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68p:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68p",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac1900:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac1900",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac1900u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac1900u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac2900:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac2900",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:zenwifi_xt8:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24621",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:51:52.209755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:40.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/asus-ovpn-rce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExpertWiFi",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.6.102_44544",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX55",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_52303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC67U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68R",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX86 Series",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24243",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC86U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX88U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX3000",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax55:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_52303",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24762",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:4g-ac68u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac68r:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51925",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24209",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24762",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T12:25:40.045Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/asus-ovpn-rce"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply the vendor provided firmware update.\u003cbr\u003e"
}
],
"value": "Apply the vendor provided firmware update."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ASUS OVPN RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0401",
"datePublished": "2024-05-20T16:55:18.891Z",
"dateReserved": "2024-01-10T15:27:41.121Z",
"dateUpdated": "2025-11-22T12:25:40.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}