9 matches found
VulnCheck KEV: CVE-2014-9583
common.c in infosvr in ASUS WRT firmware 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via...
ASUS infosvr - Authentication Bypass Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ASUS infosvr Auth Bypass Command Execution', 'Description' = %q This module exploits an authentication bypass vulnerability in the infosvr service...
ASUS infosvr Authentication Bypass Command Execution Exploit
This Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an...
ASUS infosvr Auth Bypass Command Execution
This module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote...
ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution
漏洞概要2014年10月3日,国外安全研究员Joshua J. Drake在他github(https://github.com/jduck)提交了针对华硕路由器的一个远程命令执行漏洞poc(https://github.com/jduck/asus-cmd)。该漏洞随后被编号为CVE-2014-9583。知道创宇安全研究团队在第一时间对该命令执行漏洞进行了研究和分析。a 漏洞描述华硕路由器R系列路由器使用开源路由器系统 Asuswrt,开源代码给我们随后的漏洞分析带来很多方便,不用逆向分析。在Asuswrt中存在 infosvr 进程,该进程监听在0.0.0.0...
ASUS Router 'infosvr' Remote Command Execution
The remote device is an ASUS router that contains firmware which is affected by a flaw in its 'infosvr' service due to not properly checking the MAC address of a request. An unauthenticated, remote attacker, using a crafted request to UDP port 9999, can exploit this to run arbitrary commands or...
ASUS Router infosvr Service Remote Command Execution Vulnerability
Added: 01/13/2015 CVE: CVE-2014-9583 BID: 71889 OSVDB: 116691 Background ASUS manufactures network devices, including routers and wireless repeaters. Some of these devices include the infosvr service, part of the "ASUS Wireless Router Device Discovery Utility". The infosvr service listens on port...
CVE-2014-9583
CVE-2014-9583 affects ASUSWRT infosvr: a MAC-address validation flaw in common.c allows an unauthenticated remote attacker to bypass authentication and execute arbitrary commands as root via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. Public details demonstrate impact as remote command executi...
CVE-2014-9583
creationtimestamp| type| source ---|---|--- 2015-01-04 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35688 2018-04-24 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44524 2018-05-29 15:50:33+00:00| seen|...