CVE-2013-3610

2022-10-0316:14:45

CWE-287

[email protected]

web.nvd.nist.gov

asus

rt-n10e

firmware

security

vulnerability

authentication

remote access

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:C/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.6%

JSON

qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.

Affected configurations

NVD

Node

asusrt-n10e_firmwareRange≤2.0.0.24

asusrt-n10e_firmwareMatch2.0.0.7

asusrt-n10e_firmwareMatch2.0.0.10

asusrt-n10e_firmwareMatch2.0.0.16

asusrt-n10e_firmwareMatch2.0.0.19

asusrt-n10e_firmwareMatch2.0.0.20

AND

asusrt-n10eMatch-

CPENameOperatorVersion
asus:rt-n10e_firmwareasus rt-n10e firmwarele2.0.0.24
asus:rt-n10e_firmwareasus rt-n10e firmwareeq2.0.0.7
asus:rt-n10e_firmwareasus rt-n10e firmwareeq2.0.0.10
asus:rt-n10e_firmwareasus rt-n10e firmwareeq2.0.0.16
asus:rt-n10e_firmwareasus rt-n10e firmwareeq2.0.0.19
asus:rt-n10e_firmwareasus rt-n10e firmwareeq2.0.0.20
asus:rt-n10easus rt-n10eeq-

CPE	Name	Operator	Version
asus:rt-n10e_firmware	asus rt-n10e firmware	le	2.0.0.24
asus:rt-n10e_firmware	asus rt-n10e firmware	eq	2.0.0.7
asus:rt-n10e_firmware	asus rt-n10e firmware	eq	2.0.0.10
asus:rt-n10e_firmware	asus rt-n10e firmware	eq	2.0.0.16
asus:rt-n10e_firmware	asus rt-n10e firmware	eq	2.0.0.19
asus:rt-n10e_firmware	asus rt-n10e firmware	eq	2.0.0.20
asus:rt-n10e	asus rt-n10e	eq	-