Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for rt-n56u by asus

    VAR-201707-0387

    Vulnerability from variot - Updated: 2025-04-20 23:36

    Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0387",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac68u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.378.7177"
          },
          {
            "model": "rt-ac66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac5300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n18u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt ac1200g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3167"
          },
          {
            "model": "rt ac1900p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt ac1200gu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.5577"
          },
          {
            "model": "rt-n12hp b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-ac51u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac3100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac1200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac52u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.4180"
          },
          {
            "model": "rt-ac68p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac53",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt-n12d1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac88u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac3200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac58u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7485"
          },
          {
            "model": "rt-ac55u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac66u b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-n12d1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12\\+",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt-ac53",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac1200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac3200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          }
        ]
      },
      "cve": "CVE-2017-11344",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-11344",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-35393",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-101757",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-11344",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-11344",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-11344",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-35393",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-768",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101757",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2017/07/14/3",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97015",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "id": "VAR-201707-0387",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          }
        ],
        "trust": 1.342782942
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:36:49.576000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://asuswrt.lostrealm.ca/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
          },
          {
            "trust": 1.1,
            "url": "https://asuswrt.lostrealm.ca/changelog"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11344"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11344"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "date": "2017-07-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "date": "2017-07-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "date": "2017-07-17T13:18:20.923000",
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35393"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101757"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          },
          {
            "date": "2017-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-11344"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS For devices  Asuswrt-Merlin Firmware and  ASUS Firmware network map global buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005983"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-768"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0400

    Vulnerability from variot - Updated: 2025-04-20 23:36

    Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0400",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac68u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.378.7177"
          },
          {
            "model": "rt-ac66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac5300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n18u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt ac1200g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3167"
          },
          {
            "model": "rt ac1900p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt ac1200gu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.5577"
          },
          {
            "model": "rt-n12hp b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-ac51u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac3100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac1200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac52u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.4180"
          },
          {
            "model": "rt-ac68p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac53",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt-n12d1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac88u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac3200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac58u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7485"
          },
          {
            "model": "rt-ac55u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac66u b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "1.0.1.4"
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-n12d1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12\\+",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt-ac53",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt ac1200gu",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.5577"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac1200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          }
        ]
      },
      "cve": "CVE-2017-11345",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-11345",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-35394",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-101758",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2017-11345",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-11345",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-11345",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-35394",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-767",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101758",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. ASUSRT-AC5300 and others are wireless routers from ASUS. A networkmap is one of the network diagram components. A buffer overflow vulnerability exists in networkmaps in several ASUS products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-11345",
            "trust": 3.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2017/07/14/3",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97016",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "id": "VAR-201707-0400",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          }
        ],
        "trust": 1.342782942
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:36:49.545000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://asuswrt.lostrealm.ca/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
          },
          {
            "trust": 1.1,
            "url": "https://asuswrt.lostrealm.ca/changelog"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11345"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11345"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "date": "2017-07-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "date": "2017-07-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "date": "2017-07-17T13:18:20.953000",
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-35394"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101758"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          },
          {
            "date": "2017-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-11345"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS For devices  Asuswrt-Merlin Firmware and  ASUS Firmware network map stack buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005984"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-767"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201701-0755

    Vulnerability from variot - Updated: 2025-04-20 23:32

    An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network. A security vulnerability exists in ASUSRT-N56UWirelessRouter using firmware version 3.0.0.4.374_979. An attacker could exploit the vulnerability to cause the device's WAN connection to crash, the network to fail to connect, and a denial of service. ASUS RT-N56U is prone to an unspecified denial-of-service vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0755",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-n56u 3.0.0.4.374 979",
            "scope": null,
            "trust": 0.9,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374_979"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "db": "BID",
            "id": "95857"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5632"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n56u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported the issue.",
        "sources": [
          {
            "db": "BID",
            "id": "95857"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-5632",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2017-5632",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-01668",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "VHN-113835",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-5632",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-5632",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-5632",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-01668",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-087",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-113835",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113835"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5632"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an \"nmap -O\" command that specifies an IP address of an affected device, one can crash the device\u0027s WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network. A security vulnerability exists in ASUSRT-N56UWirelessRouter using firmware version 3.0.0.4.374_979. An attacker could exploit the vulnerability to cause the device\u0027s WAN connection to crash, the network to fail to connect, and a denial of service. ASUS RT-N56U is prone to an unspecified denial-of-service vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "db": "BID",
            "id": "95857"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113835"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "95857",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5632",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-113835",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113835"
          },
          {
            "db": "BID",
            "id": "95857"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5632"
          }
        ]
      },
      "id": "VAR-201701-0755",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113835"
          }
        ],
        "trust": 1.419504835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:32:20.808000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ASUS Product Security Advisory",
            "trust": 0.8,
            "url": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/"
          },
          {
            "title": "ASUSRT-N56U has a patch for an unrecognized denial of service vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/89566"
          },
          {
            "title": "ASUS RT-N56U Wireless Router Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67468"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5632"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/95857"
          },
          {
            "trust": 2.3,
            "url": "https://www.asus.com/static_webpage/asus-product-security-advisory/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5632"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5632"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113835"
          },
          {
            "db": "BID",
            "id": "95857"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5632"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "db": "VULHUB",
            "id": "VHN-113835"
          },
          {
            "db": "BID",
            "id": "95857"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5632"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "date": "2017-01-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-113835"
          },
          {
            "date": "2017-01-29T00:00:00",
            "db": "BID",
            "id": "95857"
          },
          {
            "date": "2017-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "date": "2017-01-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          },
          {
            "date": "2017-01-30T04:59:00.737000",
            "db": "NVD",
            "id": "CVE-2017-5632"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01668"
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-113835"
          },
          {
            "date": "2017-02-02T00:05:00",
            "db": "BID",
            "id": "95857"
          },
          {
            "date": "2017-04-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          },
          {
            "date": "2017-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-5632"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U Wireless Router Vulnerabilities in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002218"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-087"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0535

    Vulnerability from variot - Updated: 2025-04-20 23:27

    Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. ASUSRT-AC5300 is the RT series router product of ASUS. Asuswrt-Merlin is the firmware running in it. The following products are affected: ASUS RT-AC5300; RT_AC1900P; RT-AC68U; RT-AC68P; RT-AC88U; AC51U; RT-N18U; RT-N66U; RT-N56U; RT-AC3200; RT-AC3100; RT_AC1200GU; RT_AC1200G; RT_N12+_PRO; RT-N16; RT-N300

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0535",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac68u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12\\+",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.378.7177"
          },
          {
            "model": "rt-ac66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac5300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n18u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt ac1200g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3167"
          },
          {
            "model": "rt ac1900p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n12hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt ac1200gu",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.5577"
          },
          {
            "model": "rt-n12hp b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt-ac51u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac3100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac1200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac52u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.4180"
          },
          {
            "model": "rt-ac68p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac53",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt-n12d1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac88u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-ac3200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac58u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7485"
          },
          {
            "model": "rt-ac55u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-ac66u b1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7743"
          },
          {
            "model": "rt-n300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200gu",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1200g",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac53",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt n12+ pro",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3479"
          },
          {
            "model": "rt ac1200g",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.3167"
          },
          {
            "model": "rt-n12d1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12\\+",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n12hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.2943"
          },
          {
            "model": "rt-ac53",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9883"
          },
          {
            "model": "rt n12\\+ pro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-ac1200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.9880"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          },
          {
            "model": "rt-n300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt merlin",
            "version": "3.0.0.4.380.7378"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200g_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1200gu_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_ac1900p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt_n12%2B_pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac1200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac3200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac51u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac52u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac53_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac5300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac55u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac58u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-ac88u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12%2B_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12d1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_b1_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n12hp_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n18u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          }
        ]
      },
      "cve": "CVE-2017-11420",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-11420",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-24400",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-101841",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-11420",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-11420",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-11420",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24400",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-754",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101841",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. ASUSRT-AC5300 is the RT series router product of ASUS. Asuswrt-Merlin is the firmware running in it. The following products are affected: ASUS RT-AC5300; RT_AC1900P; RT-AC68U; RT-AC68P; RT-AC88U; AC51U; RT-N18U; RT-N66U; RT-N56U; RT-AC3200; RT-AC3100; RT_AC1200GU; RT_AC1200G; RT_N12+_PRO; RT-N16; RT-N300",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2017/07/13/1",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "id": "VAR-201707-0535",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          }
        ],
        "trust": 1.342782942
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:27:22.844000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://asuswrt.lostrealm.ca/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.openwall.com/lists/oss-security/2017/07/13/1"
          },
          {
            "trust": 1.1,
            "url": "https://asuswrt.lostrealm.ca/changelog"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11420"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11420"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "date": "2017-07-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "date": "2017-07-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "date": "2017-07-18T05:29:00.470000",
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24400"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101841"
          },
          {
            "date": "2017-08-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          },
          {
            "date": "2017-07-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-11420"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS For devices  Asuswrt-Merlin Firmware and  ASUS Firmware network map  ASUS_Discovery.c Vulnerable to stack-based buffer overflow",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005985"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-754"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1179

    Vulnerability from variot - Updated: 2025-04-20 23:23

    Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. plural ASUS For devices Asuswrt-Merlin Firmware and ASUS The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC5300 and others are wireless routers from ASUS. ASUSAsuswrt-Merlin is the firmware running in it. Httpd is one of the embedded http servers. A stack buffer overflow vulnerability exists in Asuswrt-Merlin380.67_0RT-AC5300 and previous versions of httpd in several ASUS products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1179",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 1.2,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "asuswrt-merlin",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asuswrt merlin",
            "version": "380.67"
          },
          {
            "model": "asuswrt-merlin",
            "scope": null,
            "trust": 0.8,
            "vendor": "asuswrt merlin",
            "version": null
          },
          {
            "model": "rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt ac1900p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac52u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac51u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n18u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac1200",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12hp b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12d1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n12+",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "asuswrt-merlin \u003c=380.67 0rt-ac5300",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac55u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac58u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u b1",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac88u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68p",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "asuswrt-merlin",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asuswrt",
            "version": "380.67_0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asuswrt-merlin_project:asuswrt-merlin",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          }
        ]
      },
      "cve": "CVE-2017-12754",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-12754",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-32450",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-12754",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-12754",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-12754",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-12754",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-32450",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-443",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url. plural ASUS For devices Asuswrt-Merlin Firmware and ASUS The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC5300 and others are wireless routers from ASUS. ASUSAsuswrt-Merlin is the firmware running in it. Httpd is one of the embedded http servers. A stack buffer overflow vulnerability exists in Asuswrt-Merlin380.67_0RT-AC5300 and previous versions of httpd in several ASUS products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-12754",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "id": "VAR-201708-1179",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          }
        ],
        "trust": 1.2386813426923076
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:23:37.803000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://asuswrt.lostrealm.ca/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://github.com/coincoin7/wireless-router-vulnerability/blob/master/asus_deleteofflineclientoverflow.txt"
          },
          {
            "trust": 1.6,
            "url": "https://asuswrt.lostrealm.ca/changelog"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12754"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12754"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "date": "2017-09-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "date": "2017-08-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "date": "2017-08-09T15:29:00.183000",
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-32450"
          },
          {
            "date": "2017-09-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          },
          {
            "date": "2020-05-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-12754"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  ASUS For devices  Asuswrt-Merlin Firmware and  ASUS Firmware buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007274"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-443"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201502-0454

    Vulnerability from variot - Updated: 2025-04-13 23:32

    ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page. ASUS RT Series Routers has an unspecified command injection vulnerability because it failed to properly filter user-supplied input. Allows an attacker to execute arbitrary operating system commands in the context of the affected device. A security vulnerability exists in several ASUS routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0454",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac68u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac87u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac87u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.378.3754"
          },
          {
            "model": "rt-ac56s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.376.3715"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac87u",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.378.3754"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac56s",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac56s",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6065"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6152"
          },
          {
            "model": "rt-ac87u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6065"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6065"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6065"
          },
          {
            "model": "rt-series routers",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.376.3715"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "db": "BID",
            "id": "72390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7269"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac56s",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac68u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac87u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-n56u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-n66u",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Masashi Sakai",
        "sources": [
          {
            "db": "BID",
            "id": "72390"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-7269",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2014-7269",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-000011",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-00880",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-75214",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-7269",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-000011",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-00880",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201502-002",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-75214",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7269"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page. ASUS RT Series Routers has an unspecified command injection vulnerability because it failed to properly filter user-supplied input. Allows an attacker to execute arbitrary operating system commands in the context of the affected device. A security vulnerability exists in several ASUS routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-7269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "db": "BID",
            "id": "72390"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75214"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-7269",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN77792759",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "72390",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-002",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-75214",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75214"
          },
          {
            "db": "BID",
            "id": "72390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7269"
          }
        ]
      },
      "id": "VAR-201502-0454",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75214"
          }
        ],
        "trust": 1.3538392259999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:32:46.303000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Firmware for wireless LAN routers that addressed cross-site request forgery and OS command injection vulnerabilities are available",
            "trust": 0.8,
            "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
          },
          {
            "title": "ASUS RT Series Routers has patches for unspecified command injection vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/54909"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-75214"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7269"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://jvn.jp/en/jp/jvn77792759/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.asus.com/jp/news/pnzpd7vkxtrkwxhr"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000011"
          },
          {
            "trust": 0.8,
            "url": "//cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7269"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7269"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/72390"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75214"
          },
          {
            "db": "BID",
            "id": "72390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7269"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75214"
          },
          {
            "db": "BID",
            "id": "72390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7269"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "date": "2015-02-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-75214"
          },
          {
            "date": "2015-01-28T00:00:00",
            "db": "BID",
            "id": "72390"
          },
          {
            "date": "2015-01-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "date": "2015-02-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          },
          {
            "date": "2015-02-01T15:59:01.917000",
            "db": "NVD",
            "id": "CVE-2014-7269"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00880"
          },
          {
            "date": "2015-02-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-75214"
          },
          {
            "date": "2015-01-28T00:00:00",
            "db": "BID",
            "id": "72390"
          },
          {
            "date": "2015-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          },
          {
            "date": "2015-02-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-7269"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple ASUS wireless LAN routers vulnerable to OS command injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000011"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-002"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201411-0483

    Vulnerability from variot - Updated: 2025-04-13 23:27

    ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a file from http://dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site. No HTTP = no assurance that the site on the other end is the legitimate ASUS web site, and no assurance that the firmware file and version lookup table have not been modified in transit.

    In the link below I describe the issue in detail, and demonstrate a proof of concept through which I successfully caused an RT-AC66R to "upgrade" to an older firmware with known vulnerabilities. In concept it should also be possible to deliver a fully custom malicious firmware in the same manner.

    This applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base but a different sub-version.

    This has been fixed as an undocumented feature of the 376 firmware branch (3.0.0.4.376.x).

    Details and POC: http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html

    -- Regards, David Longenecker @dnlongen

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0483",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tm-ac1900",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "t mobile",
            "version": "3.0.0.4.376_3169"
          },
          {
            "model": "rt series",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374.x"
          },
          {
            "model": "rt",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.376.x"
          },
          {
            "model": "rt-series wireless routers",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n66r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n56r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n53",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac56r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "David Longenecker",
        "sources": [
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2014-2718",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2014-2718",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-07699",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-70657",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-2718",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-2718",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-07699",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201410-1415",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-70657",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a\nfile from http://dlcdnet.asus.com, parses it to determine the latest\nfirmware version, then downloads (again in the clear) a binary file\nmatching that version number from the same web site. No HTTP = no assurance\nthat the site on the other end is the legitimate ASUS web site, and no\nassurance that the firmware file and version lookup table have not been\nmodified in transit. \n\nIn the link below I describe the issue in detail, and demonstrate a proof\nof concept through which I successfully caused an RT-AC66R to \"upgrade\" to\nan older firmware with known vulnerabilities. In concept it should also be\npossible to deliver a fully custom malicious firmware in the same manner. \n\nThis applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R,\nRT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the\nRT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base\nbut a different sub-version. \n\nThis has been fixed as an undocumented feature of the 376 firmware branch\n(3.0.0.4.376.x). \n\nDetails and POC:\nhttp://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html\n\n-- \nRegards,\nDavid Longenecker\n@dnlongen\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-70657",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2718",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "70791",
            "trust": 2.6
          },
          {
            "db": "PACKETSTORM",
            "id": "128904",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "98316",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "id": "VAR-201411-0483",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          }
        ],
        "trust": 1.3441403886666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:27:35.303000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.asus.com/jp/"
          },
          {
            "title": "Cellspot router firmware update information",
            "trust": 0.8,
            "url": "https://support.t-mobile.com/docs/DOC-21994"
          },
          {
            "title": "ASUS RT Series Wireless Routers patch for middleman security bypass vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/51508"
          },
          {
            "title": "FW_RT_AC68U_30043763715",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54536"
          },
          {
            "title": "FW_RT_AC68U_30043763626",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54537"
          },
          {
            "title": "FW_RT_AC68U_30043761663",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54538"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-345",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://seclists.org/fulldisclosure/2014/oct/122"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/70791"
          },
          {
            "trust": 2.1,
            "url": "http://dnlongen.blogspot.com/2014/10/cve-2014-2718-asus-rt-mitm.html"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/128904/asus-router-man-in-the-middle.html"
          },
          {
            "trust": 1.1,
            "url": "https://support.t-mobile.com/docs/doc-21994"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2718"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2718"
          },
          {
            "trust": 0.8,
            "url": "http://dnlongen.blogspot.jp/2014/10/cve-2014-2718-asus-rt-mitm.html"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/98316"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          },
          {
            "trust": 0.1,
            "url": "http://dlcdnet.asus.com,"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2718"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "db": "BID",
            "id": "70791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "date": "2014-11-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "date": "2014-10-28T00:00:00",
            "db": "BID",
            "id": "70791"
          },
          {
            "date": "2014-11-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "date": "2014-10-29T12:11:11",
            "db": "PACKETSTORM",
            "id": "128904"
          },
          {
            "date": "2014-10-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "date": "2014-11-04T22:55:06.417000",
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-07699"
          },
          {
            "date": "2017-08-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70657"
          },
          {
            "date": "2014-10-28T00:00:00",
            "db": "BID",
            "id": "70791"
          },
          {
            "date": "2016-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          },
          {
            "date": "2014-11-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-2718"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-1415"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT Series router firmware arbitrary code execution vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005239"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "70791"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201502-0455

    Vulnerability from variot - Updated: 2025-04-13 23:27

    Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be conducted. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#77792759, an arbitrary OS command may be executed. A cross-site request forgery vulnerability exists in multiple ASUS RT routers that an attacker could use to perform certain unauthorized operations and access to affected devices. Other attacks are also possible

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0455",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac68u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac87u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac56s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac87u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.378.3754"
          },
          {
            "model": "rt-ac56s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac87u",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.378.3754"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac56s",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "asus",
            "version": "3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac56s",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6065"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6152"
          },
          {
            "model": "rt-ac87u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6065"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6065"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asus",
            "version": "firmware  prior to 3.0.0.4.378.6065"
          },
          {
            "model": "japan rt-ac87u routers with",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "asus",
            "version": "\u003c=3.0.0.4.378.3754"
          },
          {
            "model": "rt-ac68u routers with",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "asus",
            "version": "\u003c=3.0.0.4.376.3715"
          },
          {
            "model": "rt-ac56s routers with",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "asus",
            "version": "\u003c=3.0.0.4.376.3715"
          },
          {
            "model": "rt-n66u routers with",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "asus",
            "version": "\u003c=3.0.0.4.376.3715"
          },
          {
            "model": "rt-n56u routers with",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "asus",
            "version": "\u003c=3.0.0.4.376.3715"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "db": "BID",
            "id": "72392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7270"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac56s",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac68u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac87u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-n56u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:misc:asus_japan_rt-n66u",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Masashi Sakai",
        "sources": [
          {
            "db": "BID",
            "id": "72392"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-7270",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2014-7270",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2015-000012",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-00881",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-75215",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-7270",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2015-000012",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-00881",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201502-003",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-75215",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75215"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7270"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be conducted. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#77792759, an arbitrary OS command may be executed. A cross-site request forgery vulnerability exists in multiple ASUS RT routers that an attacker could use to perform certain unauthorized operations and access to affected devices. Other attacks are also possible",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "db": "BID",
            "id": "72392"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75215"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-7270",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN32631078",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "72392",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-003",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-75215",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75215"
          },
          {
            "db": "BID",
            "id": "72392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7270"
          }
        ]
      },
      "id": "VAR-201502-0455",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75215"
          }
        ],
        "trust": 1.461392158888889
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:27:33.729000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Firmware for wireless LAN routers that addressed cross-site request forgery and OS command injection vulnerabilities are available",
            "trust": 0.8,
            "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
          },
          {
            "title": "Patch for multiple ASUS RT router cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/54910"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-75215"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7270"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://jvn.jp/en/jp/jvn32631078/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.asus.com/jp/news/pnzpd7vkxtrkwxhr"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000012"
          },
          {
            "trust": 0.8,
            "url": "//cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7270"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7270"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/72392"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75215"
          },
          {
            "db": "BID",
            "id": "72392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7270"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "db": "VULHUB",
            "id": "VHN-75215"
          },
          {
            "db": "BID",
            "id": "72392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-7270"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "date": "2015-02-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-75215"
          },
          {
            "date": "2015-01-28T00:00:00",
            "db": "BID",
            "id": "72392"
          },
          {
            "date": "2015-01-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "date": "2015-02-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          },
          {
            "date": "2015-02-01T15:59:03.323000",
            "db": "NVD",
            "id": "CVE-2014-7270"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00881"
          },
          {
            "date": "2015-02-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-75215"
          },
          {
            "date": "2015-01-28T00:00:00",
            "db": "BID",
            "id": "72392"
          },
          {
            "date": "2015-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          },
          {
            "date": "2015-02-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-7270"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-000012"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-003"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201404-0120

    Vulnerability from variot - Updated: 2025-04-13 23:25

    The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). ASUS RT-N56U is a wireless router product from ASUS Taiwan. A remote command injection vulnerability exists in the ASUS RT-N56U router, which originated from the program's incorrect filtering of user-submitted input. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device. This vulnerability exists in ASUS RT-N56U routers running version 3.0.0.4.360 firmware. This may facilitate a complete compromise of an affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0120",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "asus",
            "version": "3.0.0.4.374.4755"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.374_4561"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.374_4887"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "tm-ac1900",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "t mobile",
            "version": "3.0.0.4.376_3169"
          },
          {
            "model": "rt-ac68u 3.0.0.4.374 4887",
            "scope": null,
            "trust": 0.9,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5047"
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u 3.0.0.4.374 4561",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u 3.0.0.4.374 4755",
            "scope": null,
            "trust": 0.3,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "3.0.0.4.374.4561"
          },
          {
            "model": "rt-ac68u",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "asus",
            "version": "3.0.0.4.374.5656"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "db": "BID",
            "id": "67672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-5948"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-ac68u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "drone",
        "sources": [
          {
            "db": "BID",
            "id": "60431"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-5948",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2013-5948",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2013-07304",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2014-02646",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "VHN-65950",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-5948",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-5948",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-07304",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-02646",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201404-426",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-65950",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "db": "VULHUB",
            "id": "VHN-65950"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-5948"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). ASUS RT-N56U is a wireless router product from ASUS Taiwan. \nA remote command injection vulnerability exists in the ASUS RT-N56U router, which originated from the program\u0027s incorrect filtering of user-submitted input. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device. This vulnerability exists in ASUS RT-N56U routers running version 3.0.0.4.360 firmware.  This may facilitate a complete compromise of an affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-5948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          },
          {
            "db": "BID",
            "id": "67672"
          },
          {
            "db": "BID",
            "id": "60431"
          },
          {
            "db": "VULHUB",
            "id": "VHN-65950"
          }
        ],
        "trust": 3.87
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-65950",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-65950"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-5948",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "60431",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342",
            "trust": 0.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "25998",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-426",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-195",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20140404 RE: REMOTE COMMAND EXECUTION WITHIN THE ASUS RT-AC68U MANAGING WEB INTERFACE",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20140404 REFLECTED CROSS-SITE SCRIPTING WITHIN THE ASUS RT-AC68U MANAGING WEB INTERFACE",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "67672",
            "trust": 0.4
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-79649",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-65950",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "db": "VULHUB",
            "id": "VHN-65950"
          },
          {
            "db": "BID",
            "id": "67672"
          },
          {
            "db": "BID",
            "id": "60431"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-5948"
          }
        ]
      },
      "id": "VAR-201404-0120",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "db": "VULHUB",
            "id": "VHN-65950"
          }
        ],
        "trust": 2.0250858000000003
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:25:28.745000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RT-AC68U",
            "trust": 0.8,
            "url": "http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/"
          },
          {
            "title": "RT-N66U",
            "trust": 0.8,
            "url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29"
          },
          {
            "title": "Cellspot router firmware update information",
            "trust": 0.8,
            "url": "https://support.t-mobile.com/docs/DOC-21994"
          },
          {
            "title": "ASUS RT-AC68U other RT series routers with firmware patch for any command execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/45157"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-65950"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-5948"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://seclists.org/fulldisclosure/2014/apr/66"
          },
          {
            "trust": 2.3,
            "url": "http://seclists.org/fulldisclosure/2014/apr/59"
          },
          {
            "trust": 1.7,
            "url": "http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29"
          },
          {
            "trust": 1.1,
            "url": "https://support.t-mobile.com/docs/doc-21994"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5948"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5948"
          },
          {
            "trust": 0.6,
            "url": "http://www.exploit-db.com/exploits/25998"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/60431"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          },
          {
            "trust": 0.3,
            "url": "http://support.asus.com/download.aspx?slanguage=en\u0026p=11\u0026s=2\u0026m=rt-ac68u\u0026os=30\u0026ft=20"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "db": "VULHUB",
            "id": "VHN-65950"
          },
          {
            "db": "BID",
            "id": "67672"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-5948"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "db": "VULHUB",
            "id": "VHN-65950"
          },
          {
            "db": "BID",
            "id": "67672"
          },
          {
            "db": "BID",
            "id": "60431"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-5948"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-06-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "date": "2014-04-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "date": "2014-04-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-65950"
          },
          {
            "date": "2014-04-22T00:00:00",
            "db": "BID",
            "id": "67672"
          },
          {
            "date": "2013-06-07T00:00:00",
            "db": "BID",
            "id": "60431"
          },
          {
            "date": "2014-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "date": "2013-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          },
          {
            "date": "2014-04-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-426"
          },
          {
            "date": "2014-04-22T13:06:25.070000",
            "db": "NVD",
            "id": "CVE-2013-5948"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-06-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "date": "2014-04-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02646"
          },
          {
            "date": "2016-06-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-65950"
          },
          {
            "date": "2014-04-22T00:00:00",
            "db": "BID",
            "id": "67672"
          },
          {
            "date": "2014-04-08T00:57:00",
            "db": "BID",
            "id": "60431"
          },
          {
            "date": "2016-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006342"
          },
          {
            "date": "2013-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          },
          {
            "date": "2014-04-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-426"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2013-5948"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-426"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U Router Remote Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-07304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201306-195"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "67672"
          },
          {
            "db": "BID",
            "id": "60431"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201404-0636

    Vulnerability from variot - Updated: 2025-04-13 23:05

    Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers 'Advanced_System_Content.asp' has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. ASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0636",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.318"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.374_4887"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.1.8n"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.374.4755"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.370"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.356"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.25"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.9"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.322"
          },
          {
            "model": "tm-ac1900",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "t mobile",
            "version": "3.0.0.4.376_3169"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_4561"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.20"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.270"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.140"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.162"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.2.38b"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.334"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.108"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.178"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.342"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.134"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.1.21"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.7c"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.1.32"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.24"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.334"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.2.3"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.10"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.176"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.19"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.7"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.360"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.342"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.346"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4o"
          },
          {
            "model": "rt-n10e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "2.0.0.16"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.272"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8j"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.7f"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "8.1.1.4"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8l"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-ac66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-ac68u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac68u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n10e",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n14u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n16",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n56u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n65u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-n66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374.5517"
          },
          {
            "model": "rt-series wireless routers",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "asus",
            "version": "\u003c=3.0.0.4.374.5517"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-ac68u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac68u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n10e_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n14u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n65u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "David Longenecker",
        "sources": [
          {
            "db": "BID",
            "id": "66954"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-2719",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2014-2719",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-02538",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "VHN-70658",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-2719",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-2719",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-02538",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201404-434",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-70658",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. \nASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "BID",
            "id": "66954"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          }
        ],
        "trust": 2.52
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-70658",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2719",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "66954",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20140416 ASUS RT-XXXX SOHO ROUTERS EXPOSE ADMIN PASSWORD, FIXED IN 3.0.0.4.374.5517",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "126213",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "BID",
            "id": "66954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "id": "VAR-201404-0636",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          }
        ],
        "trust": 1.3092795819999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:05:08.813000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RT-N66U",
            "trust": 0.8,
            "url": "http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29"
          },
          {
            "title": "Cellspot router firmware update information",
            "trust": 0.8,
            "url": "https://support.t-mobile.com/docs/DOC-21994"
          },
          {
            "title": "ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 Patch for Information Disclosure Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/45075"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://seclists.org/fulldisclosure/2014/apr/225"
          },
          {
            "trust": 1.7,
            "url": "http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29"
          },
          {
            "trust": 1.7,
            "url": "http://dnlongen.blogspot.com/2014/04/cve-2014-2719-asus-rt-password-disclosure.html"
          },
          {
            "trust": 1.1,
            "url": "https://support.t-mobile.com/docs/doc-21994"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2719"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2719"
          },
          {
            "trust": 0.8,
            "url": "http://dnlongen.blogspot.jp/2014/04/cve-2014-2719-asus-rt-password-disclosure.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "BID",
            "id": "66954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "db": "BID",
            "id": "66954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "date": "2014-04-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "date": "2014-04-14T00:00:00",
            "db": "BID",
            "id": "66954"
          },
          {
            "date": "2014-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "date": "2014-04-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "date": "2014-04-22T13:06:29.493000",
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "date": "2016-06-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70658"
          },
          {
            "date": "2014-04-14T00:00:00",
            "db": "BID",
            "id": "66954"
          },
          {
            "date": "2016-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002210"
          },
          {
            "date": "2014-04-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-2719"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-Series Wireless Routers \u0027Advanced_System_Content.asp\u0027 Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-02538"
          },
          {
            "db": "BID",
            "id": "66954"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-434"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201401-0239

    Vulnerability from variot - Updated: 2025-04-11 23:01

    Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. ASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter 'apps_name' and The 'apps_flag' parameter

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0239",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "tm-ac1900",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4..374_979"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4..374_979"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4..374_979"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-ac66u 3.0.0.4.374 979",
            "scope": null,
            "trust": 0.6,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u 3.0.0.4.374 979",
            "scope": null,
            "trust": 0.6,
            "vendor": "asustek computer",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Holcomb",
        "sources": [
          {
            "db": "BID",
            "id": "65046"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-6343",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-6343",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-00486",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-66345",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-6343",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-6343",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-00486",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201401-417",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-66345",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. \nASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter \u0027apps_name\u0027 and The \u0027apps_flag\u0027 parameter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "BID",
            "id": "65046"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          }
        ],
        "trust": 2.52
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-66345",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-6343",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "65046",
            "trust": 2.0
          },
          {
            "db": "OSVDB",
            "id": "102267",
            "trust": 1.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "31033",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "124855",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-84386",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-61364",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "BID",
            "id": "65046"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "id": "VAR-201401-0239",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          }
        ],
        "trust": 1.41918854
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:01:42.712000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.asus.com/"
          },
          {
            "title": "Cellspot router firmware update information",
            "trust": 0.8,
            "url": "https://support.t-mobile.com/docs/DOC-21994"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.asus.com/jp/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/65046"
          },
          {
            "trust": 1.1,
            "url": "https://support.t-mobile.com/docs/doc-21994"
          },
          {
            "trust": 1.1,
            "url": "http://www.exploit-db.com/exploits/31033"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/102267"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6343"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6343"
          },
          {
            "trust": 0.8,
            "url": "http://infosec42.blogspot.jp/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
          },
          {
            "trust": 0.6,
            "url": "https://bugs.webkit.org/show_bug.cgi?id=126946"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "db": "BID",
            "id": "65046"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "date": "2014-01-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "date": "2014-01-21T00:00:00",
            "db": "BID",
            "id": "65046"
          },
          {
            "date": "2014-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "date": "2014-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "date": "2014-01-22T05:22:12.737000",
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-00486"
          },
          {
            "date": "2016-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66345"
          },
          {
            "date": "2014-01-21T00:00:00",
            "db": "BID",
            "id": "65046"
          },
          {
            "date": "2016-02-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          },
          {
            "date": "2014-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-6343"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U and  RT-AC66U Router firmware buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005890"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-417"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201111-0176

    Vulnerability from variot - Updated: 2025-04-11 22:56

    QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. ASUS Provided by RT-N56U Contains an administrative password disclosure vulnerability. ASUS Provided by RT-N56U Is a gigabit compatible wireless router. RT-N56U Contains a management password disclosure vulnerability because authentication is not required to connect to the configuration page that contains the device's management password. Note that you can connect to this device by default. LAN Only for users within.An administrative password may be obtained by a remote third party. An attacker with access to the device can access the http://RouterIPAddress/QIS_wizard.htm?flag=detect page. An attacker can obtain device configuration without entering login credentials. This web page will display the device administrator password. By default, only clients connected to the local domain network (LAN) are allowed to access the system WEB interface. ASUS RT-N56U firmware version 1.0.1.4 is vulnerable. ----------------------------------------------------------------------

    The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242


    TITLE: ASUS RT-N56U Wireless Router "QIS_wizard.htm" Information Disclosure

    SECUNIA ADVISORY ID: SA45714

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45714/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45714

    RELEASE DATE: 2011-08-26

    DISCUSS ADVISORY: http://secunia.com/advisories/45714/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/45714/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=45714

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A security issue has been reported in the Asus RT-N56U Wireless Router, which can be exploited by malicious people to disclose sensitive information.

    The security issue is caused due to the router not restricting access to a page displaying the device's configuration (QIS_wizard.htm?flag=detect) and can be exploited to disclose sensitive information including the device's administrative password.

    SOLUTION: Update to firmware version 1.0.1.4o

    PROVIDED AND/OR DISCOVERED BY: Plucky via US-CERT.

    ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/200814

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201111-0176",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "asus",
            "version": "1.0.1.4"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.0.9"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.1.2"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.1.3"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "*"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "firmware version  1.0.1.4"
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u 1.0.1.4o",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "asus",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#200814"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "db": "BID",
            "id": "49308"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4497"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n56u",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Plucky",
        "sources": [
          {
            "db": "BID",
            "id": "49308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2011-4497",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2011-4497",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2011-5782",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-52442",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-4497",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#200814",
                "trust": 0.8,
                "value": "1.86"
              },
              {
                "author": "NVD",
                "id": "CVE-2011-4497",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2011-5782",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201111-341",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-52442",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#200814"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "VULHUB",
            "id": "VHN-52442"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4497"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. ASUS Provided by RT-N56U Contains an administrative password disclosure vulnerability. ASUS Provided by RT-N56U Is a gigabit compatible wireless router. RT-N56U Contains a management password disclosure vulnerability because authentication is not required to connect to the configuration page that contains the device\u0027s management password. Note that you can connect to this device by default. LAN Only for users within.An administrative password may be obtained by a remote third party. An attacker with access to the device can access the http://RouterIPAddress/QIS_wizard.htm?flag=detect page. An attacker can obtain device configuration without entering login credentials. This web page will display the device administrator password. By default, only clients connected to the local domain network (LAN) are allowed to access the system WEB interface. \nASUS RT-N56U  firmware version 1.0.1.4 is vulnerable. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nASUS RT-N56U Wireless Router \"QIS_wizard.htm\" Information Disclosure\n\nSECUNIA ADVISORY ID:\nSA45714\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45714/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45714\n\nRELEASE DATE:\n2011-08-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45714/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45714/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45714\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in the Asus RT-N56U Wireless\nRouter, which can be exploited by malicious people to disclose\nsensitive information. \n\nThe security issue is caused due to the router not restricting access\nto a page displaying the device\u0027s configuration\n(QIS_wizard.htm?flag=detect) and can be exploited to disclose\nsensitive information including the device\u0027s administrative\npassword. \n\nSOLUTION:\nUpdate to firmware version 1.0.1.4o\n\nPROVIDED AND/OR DISCOVERED BY:\nPlucky via US-CERT. \n\nORIGINAL ADVISORY:\nUS-CERT:\nhttp://www.kb.cert.org/vuls/id/200814\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-4497"
          },
          {
            "db": "CERT/CC",
            "id": "VU#200814"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "db": "BID",
            "id": "49308"
          },
          {
            "db": "VULHUB",
            "id": "VHN-52442"
          },
          {
            "db": "PACKETSTORM",
            "id": "104469"
          }
        ],
        "trust": 3.87
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#200814",
            "trust": 4.9
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4497",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "49308",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-341",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-457",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "45714",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-52442",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "104469",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#200814"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-52442"
          },
          {
            "db": "BID",
            "id": "49308"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "db": "PACKETSTORM",
            "id": "104469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4497"
          }
        ]
      },
      "id": "VAR-201111-0176",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-52442"
          }
        ],
        "trust": 1.8640096700000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:56:23.824000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RT-N56U - Download",
            "trust": 0.8,
            "url": "http://www.asus.com/Networks/Wireless_Routers/RTN56U/#download"
          },
          {
            "title": "ASUS RT-N56U QIS_wizard.htm patch for information disclosure vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/37169"
          },
          {
            "title": "ASUS RT-N56U Wireless Router \u0027QIS_wizard.htm\u0027 Patch Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/4895"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-52442"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4497"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.kb.cert.org/vuls/id/200814"
          },
          {
            "trust": 0.8,
            "url": "about vulnerability notes"
          },
          {
            "trust": 0.8,
            "url": "contact us about this vulnerability"
          },
          {
            "trust": 0.8,
            "url": "provide a vendor statement"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4497"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu200814"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4497"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/200814http"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/49308"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/networks/wireless_routers/rtn56u/"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/45714/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/45714/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45714"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/242"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#200814"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-52442"
          },
          {
            "db": "BID",
            "id": "49308"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "db": "PACKETSTORM",
            "id": "104469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4497"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#200814"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-52442"
          },
          {
            "db": "BID",
            "id": "49308"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "db": "PACKETSTORM",
            "id": "104469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-341"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-4497"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-08-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#200814"
          },
          {
            "date": "2011-11-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "date": "2011-08-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "date": "2011-11-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-52442"
          },
          {
            "date": "2011-08-25T00:00:00",
            "db": "BID",
            "id": "49308"
          },
          {
            "date": "2011-09-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "date": "2011-08-26T05:39:04",
            "db": "PACKETSTORM",
            "id": "104469"
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          },
          {
            "date": "2011-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-341"
          },
          {
            "date": "2011-11-21T11:55:03.557000",
            "db": "NVD",
            "id": "CVE-2011-4497"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-08-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#200814"
          },
          {
            "date": "2011-11-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-5782"
          },
          {
            "date": "2011-08-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "date": "2011-11-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-52442"
          },
          {
            "date": "2011-11-22T18:25:00",
            "db": "BID",
            "id": "49308"
          },
          {
            "date": "2013-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-002219"
          },
          {
            "date": "2011-08-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          },
          {
            "date": "2011-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-341"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-4497"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U Wireless Router \u0027QIS_wizard.htm\u0027 Password Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-3355"
          },
          {
            "db": "BID",
            "id": "49308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          }
        ],
        "trust": 1.5
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201108-457"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-341"
          }
        ],
        "trust": 1.2
      }
    }

    VAR-201307-0434

    Vulnerability from variot - Updated: 2025-04-11 22:55

    Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. ASUS RT-N66U is a wireless router product from ASUS Taiwan. A directory traversal vulnerability exists in ASUS RT-N66U version 3.0.0.4.270 and 3.0.0.4.354. Remote vulnerabilities can be used by remote attackers to obtain sensitive information, and the acquisition of this information can help launch further attacks. Other attacks may also be possible. The following versions are affected: ASUS RT-AC66U with firmware 3.0.0.4.354 and earlier, RT-N66U 3.0.0.4.370 and earlier, RT-N65U 3.0.0.4.346 and earlier, RT-N14U 3.0.0.4.356 and earlier, RT-N16 3.0.0.4.354 and earlier, RT-N56U 3.0.0.4.360 and earlier and 3.0.0.4.364 and earlier, DSL -N55U

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0434",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "7.0.2.38b"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.1.9"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.3.108"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.3.178"
          },
          {
            "model": "dsl-n56u",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "1.0.0.9"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.3.162"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-n14u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.356"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.370"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.342"
          },
          {
            "model": "dsl-n55u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.7c"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8l"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.334"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "8.1.1.4"
          },
          {
            "model": "rt-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.360"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.140"
          },
          {
            "model": "rt-ac66u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.318"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "dsl-n56u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.364"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.342"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.260"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4o"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.322"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.1.21"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "7.0.1.32"
          },
          {
            "model": "rt-n16",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.354"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.134"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.270"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.3.176"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.246"
          },
          {
            "model": "rt-n65u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.346"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8j"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.7f"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.8n"
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.272"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.220"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.1.4"
          },
          {
            "model": "dsl-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.188"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "1.0.2.3"
          },
          {
            "model": "dsl-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.314"
          },
          {
            "model": "rt-n65u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.334"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "dsl-n55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "dsl-n56u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n14u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n14u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n65u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n65u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": "3.0.4.372"
          },
          {
            "model": "rt-n66u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "asus",
            "version": "3.0.0.4.356"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:asus:dsl-n55u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:dsl-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-ac66u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n14u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n14u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n16",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n16_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n56u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n65u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n65u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:asus:rt-n66u",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n66u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kyle Lovett",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2013-4937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-4937",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2013-08385",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-64939",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-4937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-4937",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-08385",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201307-570",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-64939",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. ASUS RT-N66U is a wireless router product from ASUS Taiwan. \nA directory traversal vulnerability exists in ASUS RT-N66U version 3.0.0.4.270 and 3.0.0.4.354. Remote vulnerabilities can be used by remote attackers to obtain sensitive information, and the acquisition of this information can help launch further attacks.         Other attacks may also be possible. The following versions are affected: ASUS RT-AC66U with firmware 3.0.0.4.354 and earlier, RT-N66U 3.0.0.4.370 and earlier, RT-N65U 3.0.0.4.346 and earlier, RT-N14U 3.0.0.4.356 and earlier, RT-N16 3.0.0.4.354 and earlier, RT-N56U 3.0.0.4.360 and earlier and 3.0.0.4.364 and earlier, DSL -N55U",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "BID",
            "id": "60780"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          }
        ],
        "trust": 3.06
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-4937",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "60780",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "db": "BID",
            "id": "60780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "id": "VAR-201307-0434",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          }
        ],
        "trust": 1.291374855714286
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:55:57.018000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Firmware update 3.0.4.372 for ASUS routers with AiCloud fixes found vulnerabilities",
            "trust": 0.8,
            "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
          },
          {
            "title": "Networking",
            "trust": 0.8,
            "url": "http://www.asus.com/Networking/Wireless_Routers_Products/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://twitter.com/asususa/statuses/357612236392509440"
          },
          {
            "trust": 1.7,
            "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/60780"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4937"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4937"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "db": "BID",
            "id": "60780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "date": "2013-06-24T00:00:00",
            "db": "BID",
            "id": "60780"
          },
          {
            "date": "2013-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "date": "2013-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "date": "2013-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "date": "2013-07-26T12:05:40.867000",
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-64939"
          },
          {
            "date": "2013-07-29T13:14:00",
            "db": "BID",
            "id": "60780"
          },
          {
            "date": "2013-07-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-003514"
          },
          {
            "date": "2013-07-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "date": "2013-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-4937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-570"
          }
        ],
        "trust": 1.2
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N66U Directory Traversal Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-08385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-145"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1519

    Vulnerability from variot - Updated: 2024-11-23 23:01

    Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. ASUS RT-AC66U and RT-N56U Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1519",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          }
        ]
      },
      "cve": "CVE-2013-4656",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-4656",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-4656",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2013-4656",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-4656",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-4656",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-727",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. ASUS RT-AC66U and RT-N56U Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-4656",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "id": "VAR-201911-1519",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.539042785
      },
      "last_update_date": "2024-11-23T23:01:34.738000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.asus.com/us/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
          },
          {
            "trust": 1.6,
            "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://www.ise.io/soho_service_hacks/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4656"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4656"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "date": "2019-11-13T15:15:09.963000",
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          },
          {
            "date": "2019-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          },
          {
            "date": "2024-11-21T01:56:00.100000",
            "db": "NVD",
            "id": "CVE-2013-4656"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-AC66U and  RT-N56U Path traversal vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006951"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-727"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-0883

    Vulnerability from variot - Updated: 2024-08-14 14:45

    ASUS RT-N56U devices allow CSRF. ASUS RT-N56U The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0883",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_2050"
          },
          {
            "model": "rt-n15u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_16"
          },
          {
            "model": "dsl-n55u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_1397"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-n53",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_311"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_979"
          },
          {
            "model": "rt-n10u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "asus",
            "version": "3.0.0.4.374_168"
          },
          {
            "model": "dsl-n55u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-ac66u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n10u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n15u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n16",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n53",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "cve": "CVE-2013-3093",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-3093",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2013-3093",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2013-3093",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-3093",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-3093",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202001-1276",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U devices allow CSRF. ASUS RT-N56U The device contains a cross-site request forgery vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-3093",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "id": "VAR-202001-0883",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5950836471428572
      },
      "last_update_date": "2024-08-14T14:45:05.083000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.asus.com/us/"
          },
          {
            "title": "ASUS RT-N56U Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107622"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.securityfocus.com/archive/1/531194"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3093"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "date": "2020-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "date": "2020-01-28T21:15:11.560000",
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          },
          {
            "date": "2020-05-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          },
          {
            "date": "2020-01-31T16:06:35.230000",
            "db": "NVD",
            "id": "CVE-2013-3093"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS\u00a0RT-N56U\u00a0 Cross-site request forgery vulnerability in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-007119"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-1276"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201403-0712

    Vulnerability from variot - Updated: 2022-05-17 01:51

    ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. An attacker could leverage this issue to bypass the authentication mechanism and obtain sensitive information. The following products running firmware version 3.0.0.4.374.x are vulnerable: RT-AC68U Dual-band Wireless-AC1900 Gigabit Router RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router RT-N66R Dual-Band Wireless-N900 Gigabit Router RT-N66U Dual-Band Wireless-N900 Gigabit Router RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router RT-N56R Dual-Band Wireless-AC1200 Gigabit Router RT-N56U Dual-Band Wireless-AC1200 Gigabit Router RT-N14U Wireless-N300 Cloud Router RT-N14UHP Wireless-N300 Cloud Router RT-N16 Wireless-N300 Gigabit Router RT-N16R Wireless-N300 Gigabit Router

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0712",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-ac56u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n14u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16 router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56r router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66r router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66r router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac68u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n14uhp router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n16r router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n56u wireless router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-ac66u router",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          },
          {
            "model": "rt-n66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n66r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n56r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n14uhp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-n14u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac68u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac66r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          },
          {
            "model": "rt-ac56u",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "asus",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kyle Lovett",
        "sources": [
          {
            "db": "BID",
            "id": "65861"
          }
        ],
        "trust": 0.3
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-01390",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2014-01390",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. \nAn attacker could leverage this issue to  bypass the authentication mechanism and obtain sensitive information. \nThe following products running firmware version 3.0.0.4.374.x are vulnerable:\nRT-AC68U Dual-band Wireless-AC1900 Gigabit Router\nRT-AC66R Dual-Band Wireless-AC1750 Gigabit Router\nRT-AC66U Dual-Band Wireless-AC1750 Gigabit Router\nRT-N66R Dual-Band Wireless-N900 Gigabit Router\nRT-N66U Dual-Band Wireless-N900 Gigabit Router\nRT-AC56U Dual-Band Wireless-AC1200 Gigabit Router\nRT-N56R Dual-Band Wireless-AC1200 Gigabit Router\nRT-N56U Dual-Band Wireless-AC1200 Gigabit Router\nRT-N14U Wireless-N300 Cloud Router\nRT-N14UHP Wireless-N300 Cloud Router\nRT-N16 Wireless-N300 Gigabit Router\nRT-N16R Wireless-N300 Gigabit Router",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ],
        "trust": 0.81
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "65861",
            "trust": 0.9
          },
          {
            "db": "SECUNIA",
            "id": "56905",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "id": "VAR-201403-0712",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ],
        "trust": 1.411373705909091
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ]
      },
      "last_update_date": "2022-05-17T01:51:10.409000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for multiple ASUS routers \u0027smb.xml\u0027 authentication bypass vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/43991"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/56905/"
          },
          {
            "trust": 0.3,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0032.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "date": "2014-02-08T00:00:00",
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          },
          {
            "date": "2014-02-08T00:00:00",
            "db": "BID",
            "id": "65861"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "65861"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple ASUS Router \u0027smb.xml\u0027 Authentication Bypass Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01390"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "65861"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201602-0414

    Vulnerability from variot - Updated: 2022-05-17 01:51

    The ASUSRT-N56U has an HTML injection vulnerability that allows remote attackers to exploit malicious exploits to inject malicious scripts or HTML code to capture sensitive information or hijack user sessions when malicious data is viewed. ASUS RT-N56U is a wireless router product from ASUS. An HTML injection vulnerability exists in ASUS RT-N56U. When a user browses an affected website, their browser executes any HTML or script code provided by the attacker. This could lead to attackers stealing cookie-based authentication or controlling how the site is presented to users. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0414",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GraphX",
        "sources": [
          {
            "db": "BID",
            "id": "82667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ],
        "trust": 0.9
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-01255",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2016-01255",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ASUSRT-N56U has an HTML injection vulnerability that allows remote attackers to exploit malicious exploits to inject malicious scripts or HTML code to capture sensitive information or hijack user sessions when malicious data is viewed. ASUS RT-N56U is a wireless router product from ASUS. \nAn HTML injection vulnerability exists in ASUS RT-N56U. When a user browses an affected website, their browser executes any HTML or script code provided by the attacker. This could lead to attackers stealing cookie-based authentication or controlling how the site is presented to users. \nSuccessful exploits will result in the execution of arbitrary  attacker-supplied HTML and script code in the context of the affected  application, potentially allowing the attacker to steal cookie-based  authentication credentials or control how the page is rendered to the  user. Other attacks are also possible",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          },
          {
            "db": "BID",
            "id": "82667"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "82667",
            "trust": 1.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          },
          {
            "db": "BID",
            "id": "82667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ]
      },
      "id": "VAR-201602-0414",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          }
        ],
        "trust": 1.1555556
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          }
        ]
      },
      "last_update_date": "2022-05-17T01:51:03.733000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/82667"
          },
          {
            "trust": 0.3,
            "url": "http://www.asus.com/networking/rtn56u/"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2016/feb/12"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          },
          {
            "db": "BID",
            "id": "82667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          },
          {
            "db": "BID",
            "id": "82667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          },
          {
            "date": "2016-02-02T00:00:00",
            "db": "BID",
            "id": "82667"
          },
          {
            "date": "2016-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          },
          {
            "date": "2016-07-06T12:16:00",
            "db": "BID",
            "id": "82667"
          },
          {
            "date": "2016-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U HTML Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01255"
          },
          {
            "db": "BID",
            "id": "82667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ],
        "trust": 1.5
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-377"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202107-1699

    Vulnerability from variot - Updated: 2022-05-04 10:14

    ASUS RT-N56U is a router device.

    ASUS RT-N56U has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1699",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rt-n56u",
            "scope": null,
            "trust": 0.6,
            "vendor": "asus",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-40219",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2021-40219",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U is a router device.\n\r\n\r\nASUS RT-N56U has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ]
      },
      "id": "VAR-202107-1699",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ],
        "trust": 1.1555556
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ]
      },
      "last_update_date": "2022-05-04T10:14:43.104000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASUS RT-N56U has weak password vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-40219"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2014-7270 (GCVE-0-2014-7270)

    Vulnerability from nvd – Published: 2015-02-01 15:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN32631078/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012 third-party-advisoryx_refsource_JVNDB
    http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR x_refsource_CONFIRM
    Date Public
    2015-01-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:32.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#32631078",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN32631078/index.html"
              },
              {
                "name": "JVNDB-2015-000012",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-02-01T15:57:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#32631078",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN32631078/index.html"
            },
            {
              "name": "JVNDB-2015-000012",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2014-7270",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#32631078",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN32631078/index.html"
                },
                {
                  "name": "JVNDB-2015-000012",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
                },
                {
                  "name": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
                  "refsource": "CONFIRM",
                  "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-7270",
        "datePublished": "2015-02-01T15:00:00.000Z",
        "dateReserved": "2014-09-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:32.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7269 (GCVE-0-2014-7269)

    Vulnerability from nvd – Published: 2015-02-01 15:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN77792759/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011 third-party-advisoryx_refsource_JVNDB
    http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR x_refsource_CONFIRM
    Date Public
    2015-01-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:31.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#77792759",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
              },
              {
                "name": "JVNDB-2015-000011",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-02-01T15:57:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#77792759",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
            },
            {
              "name": "JVNDB-2015-000011",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2014-7269",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#77792759",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
                },
                {
                  "name": "JVNDB-2015-000011",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
                },
                {
                  "name": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
                  "refsource": "CONFIRM",
                  "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-7269",
        "datePublished": "2015-02-01T15:00:00.000Z",
        "dateReserved": "2014-09-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:31.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4937 (GCVE-0-2013-4937)

    Vulnerability from nvd – Published: 2013-07-26 10:00 – Updated: 2024-09-17 02:46
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:59:40.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-07-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-4937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://reviews.cnet.com/8301-3132_7-57594003-98",
                  "refsource": "MISC",
                  "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
                },
                {
                  "name": "http://twitter.com/ASUSUSA/statuses/357612236392509440",
                  "refsource": "CONFIRM",
                  "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-4937",
        "datePublished": "2013-07-26T10:00:00.000Z",
        "dateReserved": "2013-07-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:46:42.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4497 (GCVE-0-2011-4497)

    Vulnerability from nvd – Published: 2011-11-21 11:00 – Updated: 2024-09-16 22:21
    VLAI
    Summary
    QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/200814 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:09:18.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#200814",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/200814"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-11-21T11:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#200814",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/200814"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-4497",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#200814",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/200814"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-4497",
        "datePublished": "2011-11-21T11:00:00.000Z",
        "dateReserved": "2011-11-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:21:07.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7269 (GCVE-0-2014-7269)

    Vulnerability from cvelistv5 – Published: 2015-02-01 15:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN77792759/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011 third-party-advisoryx_refsource_JVNDB
    http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR x_refsource_CONFIRM
    Date Public
    2015-01-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:31.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#77792759",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
              },
              {
                "name": "JVNDB-2015-000011",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-02-01T15:57:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#77792759",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
            },
            {
              "name": "JVNDB-2015-000011",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2014-7269",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#77792759",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
                },
                {
                  "name": "JVNDB-2015-000011",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
                },
                {
                  "name": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
                  "refsource": "CONFIRM",
                  "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-7269",
        "datePublished": "2015-02-01T15:00:00.000Z",
        "dateReserved": "2014-09-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:31.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7270 (GCVE-0-2014-7270)

    Vulnerability from cvelistv5 – Published: 2015-02-01 15:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN32631078/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012 third-party-advisoryx_refsource_JVNDB
    http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR x_refsource_CONFIRM
    Date Public
    2015-01-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:32.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#32631078",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN32631078/index.html"
              },
              {
                "name": "JVNDB-2015-000012",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-02-01T15:57:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#32631078",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN32631078/index.html"
            },
            {
              "name": "JVNDB-2015-000012",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2014-7270",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#32631078",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN32631078/index.html"
                },
                {
                  "name": "JVNDB-2015-000012",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012"
                },
                {
                  "name": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
                  "refsource": "CONFIRM",
                  "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-7270",
        "datePublished": "2015-02-01T15:00:00.000Z",
        "dateReserved": "2014-09-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:32.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4937 (GCVE-0-2013-4937)

    Vulnerability from cvelistv5 – Published: 2013-07-26 10:00 – Updated: 2024-09-17 02:46
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:59:40.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-07-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-4937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://reviews.cnet.com/8301-3132_7-57594003-98",
                  "refsource": "MISC",
                  "url": "http://reviews.cnet.com/8301-3132_7-57594003-98"
                },
                {
                  "name": "http://twitter.com/ASUSUSA/statuses/357612236392509440",
                  "refsource": "CONFIRM",
                  "url": "http://twitter.com/ASUSUSA/statuses/357612236392509440"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-4937",
        "datePublished": "2013-07-26T10:00:00.000Z",
        "dateReserved": "2013-07-26T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:46:42.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4497 (GCVE-0-2011-4497)

    Vulnerability from cvelistv5 – Published: 2011-11-21 11:00 – Updated: 2024-09-16 22:21
    VLAI
    Summary
    QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/200814 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:09:18.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#200814",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/200814"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-11-21T11:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#200814",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/200814"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-4497",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#200814",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/200814"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-4497",
        "datePublished": "2011-11-21T11:00:00.000Z",
        "dateReserved": "2011-11-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:21:07.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }