ID CVE-2014-7270 Type cve Reporter NVD Modified 2015-02-11T11:42:06
Description
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
{"viewCount": 1, "lastseen": "2016-09-03T21:16:12", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "type": "cve", "description": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.", "assessment": {"name": "", "system": "", "href": ""}, "reporter": "NVD", "published": "2015-02-01T10:59:03", "history": [], "title": "CVE-2014-7270", "cpe": ["cpe:/h:asus:rt-ac68u:-", "cpe:/o:asus:rt-n56u_firmware:3.0.0.4.376.3715", "cpe:/h:asus:rt-ac87u:-", "cpe:/o:asus:rt-ac87u_firmware:3.0.0.4.378.3754", "cpe:/h:asus:rt-ac56s:-", "cpe:/h:asus:rt-n56u:-", "cpe:/o:asus:rt-ac56s_firmware:3.0.0.4.376.3715", "cpe:/o:asus:rt-n66u_firmware:3.0.0.4.376.3715", "cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.376.3715", "cpe:/h:asus:rt-n66u:-"], "bulletinFamily": "NVD", "edition": 1, "scanner": [], "id": "CVE-2014-7270", "cvelist": ["CVE-2014-7270"], "hash": "ed478df3e0643d2ee7a9ba5174bc198de8ed334e17f69a41a6219f3fddbd5b9d", "modified": "2015-02-11T11:42:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7270", "objectVersion": "1.2", "references": ["http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012", "http://jvn.jp/en/jp/JVN32631078/index.html", "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"], "enchantments": {"vulnersScore": 4.0}}
{"result": {"jvn": [{"id": "JVN:32631078", "type": "jvn", "title": "JVN#32631078: Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery", "description": "\n ## Description\n\nMultiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.\n\n ## Impact\n\nIf a user views a malicious page while logged in, unintended operations may be conducted. \n \nIn addition, when this vulnerability is exploited along with the vulnerability stated in JVN#77792759, an arbitrary OS command may be executed. \n\n\n ## Solution\n\n**Update the Firmware** \nApply the appropriate firmware update provided by the developer.\n\n ## Products Affected\n\n * RT-AC87U Firmware versions prior to 3.0.0.4.378.6065\n * RT-AC68U Firmware versions prior to 3.0.0.4.378.6152\n * RT-AC56S Firmware versions prior to 3.0.0.4.378.6065\n * RT-N66U Firmware versions prior to 3.0.0.4.378.6065\n * RT-N56U Firmware versions prior to 3.0.0.4.378.6065\n[Added on June 17, 2015] \nNote that the firmware versions released on January 12, 2015 did not address the vulnerability completely. Newer firmware versions have been released. \n", "published": "2015-01-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://jvn.jp/en/jp/JVN32631078/index.html", "cvelist": ["CVE-2014-7270"], "lastseen": "2017-03-23T17:09:49"}]}}
