CVE-2014-9583

2015-01-0820:59:00

CWE-264

[email protected]

web.nvd.nist.gov

106

cve-2014-9583

asus

wrt firmware

remote attackers

authentication bypass

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.

CPENameOperatorVersion
t-mobile:tm-ac1900t-mobile tm-ac1900eq3.0.0.4.376_3169
asus:wrt_firmwareasus wrt firmwareeq3.0.0.4.376.2524-g0012f52
asus:wrt_firmwareasus wrt firmwareeq3.0.0.4.376_1071

CPE	Name	Operator	Version
t-mobile:tm-ac1900	t-mobile tm-ac1900	eq	3.0.0.4.376_3169
asus:wrt_firmware	asus wrt firmware	eq	3.0.0.4.376.2524-g0012f52
asus:wrt_firmware	asus wrt firmware	eq	3.0.0.4.376_1071