Japan Vulnerability NotesJVN:77792759JVN#77792759: Multiple ASUS wireless LAN routers vulnerable to OS command injection
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.1%
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.
Impact
An arbitrary OS command may be executed by an authenticated attacker.
In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page.
Solution
Update the Firmware
Apply the appropriate firmware update provided by the developer.
Products Affected
- RT-AC87U Firmware versions prior to 3.0.0.4.378.6065
- RT-AC68U Firmware versions prior to 3.0.0.4.378.6152
- RT-AC56S Firmware versions prior to 3.0.0.4.378.6065
- RT-N66U Firmware versions prior to 3.0.0.4.378.6065
- RT-N56U Firmware versions prior to 3.0.0.4.378.6065
[Added on June 17, 2015]
Note that the firmware versions released on January 12, 2015 did not address the vulnerability completely. Newer firmware versions have been released.
Related
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.1%