ID CVE-2014-7270 Type cve Reporter NVD Modified 2015-02-11T11:42:06
Description
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
{"reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 6.8}, "vulnersScore": 6.8}, "published": "2015-02-01T10:59:03", "cvelist": ["CVE-2014-7270"], "title": "CVE-2014-7270", "objectVersion": "1.2", "type": "cve", "hash": "ed478df3e0643d2ee7a9ba5174bc198de8ed334e17f69a41a6219f3fddbd5b9d", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7270", "bulletinFamily": "NVD", "id": "CVE-2014-7270", "history": [], "scanner": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "modified": "2015-02-11T11:42:06", "viewCount": 1, "cpe": ["cpe:/h:asus:rt-ac68u:-", "cpe:/o:asus:rt-n56u_firmware:3.0.0.4.376.3715", "cpe:/h:asus:rt-ac87u:-", "cpe:/o:asus:rt-ac87u_firmware:3.0.0.4.378.3754", "cpe:/h:asus:rt-ac56s:-", "cpe:/h:asus:rt-n56u:-", "cpe:/o:asus:rt-ac56s_firmware:3.0.0.4.376.3715", "cpe:/o:asus:rt-n66u_firmware:3.0.0.4.376.3715", "cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.376.3715", "cpe:/h:asus:rt-n66u:-"], "edition": 1, "description": "Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.", "references": ["http://jvndb.jvn.jp/jvndb/JVNDB-2015-000012", "http://jvn.jp/en/jp/JVN32631078/index.html", "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"], "lastseen": "2016-09-03T21:16:12", "assessment": {"system": "", "name": "", "href": ""}}
{"jvn": [{"lastseen": "2018-08-31T00:36:17", "references": [], "description": "\n ## Description\n\nMultiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.\n\n ## Impact\n\nIf a user views a malicious page while logged in, unintended operations may be conducted. \n \nIn addition, when this vulnerability is exploited along with the vulnerability stated in JVN#77792759, an arbitrary OS command may be executed. \n\n\n ## Solution\n\n**Update the Firmware** \nApply the appropriate firmware update provided by the developer.\n\n ## Products Affected\n\n * RT-AC87U Firmware versions prior to 3.0.0.4.378.6065\n * RT-AC68U Firmware versions prior to 3.0.0.4.378.6152\n * RT-AC56S Firmware versions prior to 3.0.0.4.378.6065\n * RT-N66U Firmware versions prior to 3.0.0.4.378.6065\n * RT-N56U Firmware versions prior to 3.0.0.4.378.6065\n[Added on June 17, 2015] \nNote that the firmware versions released on January 12, 2015 did not address the vulnerability completely. Newer firmware versions have been released. \n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2015-01-27T00:00:00", "title": "JVN#32631078: Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-7270"], "modified": "2015-06-17T00:00:00", "id": "JVN:32631078", "href": "http://jvn.jp/en/jp/JVN32631078/index.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
