Details of VAR-201307-0434

ID

VAR-201307-0434

CVE

CVE-2013-4937

TITLE

ASUS RT-N66U Directory Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-08385 // CNNVD: CNNVD-201307-145

DESCRIPTION

Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. ASUS RT-N66U is a wireless router product from ASUS Taiwan. A directory traversal vulnerability exists in ASUS RT-N66U version 3.0.0.4.270 and 3.0.0.4.354. Remote vulnerabilities can be used by remote attackers to obtain sensitive information, and the acquisition of this information can help launch further attacks. Other attacks may also be possible. The following versions are affected: ASUS RT-AC66U with firmware 3.0.0.4.354 and earlier, RT-N66U 3.0.0.4.370 and earlier, RT-N65U 3.0.0.4.346 and earlier, RT-N14U 3.0.0.4.356 and earlier, RT-N16 3.0.0.4.354 and earlier, RT-N56U 3.0.0.4.360 and earlier and 3.0.0.4.364 and earlier, DSL -N55U

Trust: 3.06

sources: NVD: CVE-2013-4937 // JVNDB: JVNDB-2013-003514 // CNVD: CNVD-2013-08385 // CNNVD: CNNVD-201307-145 // BID: 60780 // VULHUB: VHN-64939

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-08385

AFFECTED PRODUCTS

vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.4.260	Trust: 1.6
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.4.220	Trust: 1.6
vendor:	asus	model:	rt-n16	scope:	eq	version:	7.0.2.38b	Trust: 1.6
vendor:	asus	model:	rt-n16	scope:	eq	version:	1.0.1.9	Trust: 1.6
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.3.108	Trust: 1.6
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.3.178	Trust: 1.6
vendor:	asus	model:	dsl-n56u	scope:	eq	version:	1.0.0.9	Trust: 1.6
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.3.162	Trust: 1.6
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.4.246	Trust: 1.6
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.8j	Trust: 1.0
vendor:	asus	model:	dsl-n56u	scope:	lte	version:	3.0.0.4.364	Trust: 1.0
vendor:	asus	model:	dsl-n55u	scope:	eq	version:	-	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.246	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.3.176	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.4.334	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.4.342	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.260	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	8.1.1.4	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	lte	version:	3.0.0.4.354	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	-	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	7.0.1.32	Trust: 1.0
vendor:	asus	model:	rt-n66u	scope:	lte	version:	3.0.0.4.370	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.8n	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.4	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	lte	version:	3.0.0.4.360	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.8l	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	lte	version:	3.0.0.4.354	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.4o	Trust: 1.0
vendor:	asus	model:	rt-n14u	scope:	lte	version:	3.0.0.4.356	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.4.260	Trust: 1.0
vendor:	asus	model:	rt-n14u	scope:	eq	version:	-	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	1.0.2.3	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	3.0.0.4.318	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.140	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	-	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.7c	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.220	Trust: 1.0
vendor:	asus	model:	rt-n14u	scope:	eq	version:	3.0.0.4.322	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	-	Trust: 1.0
vendor:	asus	model:	dsl-n56u	scope:	eq	version:	3.0.0.4.314	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	-	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	7.0.1.21	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.270	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	lte	version:	3.0.0.4.346	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	3.0.0.4.334	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	3.0.0.4.342	Trust: 1.0
vendor:	asus	model:	rt-n66u	scope:	eq	version:	3.0.0.4.272	Trust: 1.0
vendor:	asus	model:	dsl-n56u	scope:	eq	version:	3.0.0.4.188	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.3.134	Trust: 1.0
vendor:	asus	model:	rt-n66u	scope:	eq	version:	-	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.7f	Trust: 1.0
vendor:	asustek computer	model:	dsl-n55u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	dsl-n56u	scope:	lt	version:	3.0.4.372	Trust: 0.8
vendor:	asustek computer	model:	rt-ac66u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ac66u	scope:	lt	version:	3.0.4.372	Trust: 0.8
vendor:	asustek computer	model:	rt-n14u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-n14u	scope:	lt	version:	3.0.4.372	Trust: 0.8
vendor:	asustek computer	model:	rt-n16	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-n16	scope:	lt	version:	3.0.4.372	Trust: 0.8
vendor:	asustek computer	model:	rt-n56u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-n56u	scope:	lt	version:	3.0.4.372	Trust: 0.8
vendor:	asustek computer	model:	rt-n65u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-n65u	scope:	lt	version:	3.0.4.372	Trust: 0.8
vendor:	asustek computer	model:	rt-n66u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-n66u	scope:	lt	version:	3.0.4.372	Trust: 0.8
vendor:	asus	model:	rt-n66u	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n14u	scope:	eq	version:	3.0.0.4.356	Trust: 0.6

sources: CNVD: CNVD-2013-08385 // JVNDB: JVNDB-2013-003514 // CNNVD: CNNVD-201307-570 // NVD: CVE-2013-4937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4937
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-4937
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-08385
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201307-570
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-64939
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-4937
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-08385
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-64939
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-08385 // VULHUB: VHN-64939 // JVNDB: JVNDB-2013-003514 // CNNVD: CNNVD-201307-570 // NVD: CVE-2013-4937

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-4937

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201307-145 // CNNVD: CNNVD-201307-570

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201307-145

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003514

PATCH

title:	Firmware update 3.0.4.372 for ASUS routers with AiCloud fixes found vulnerabilities	url:	http://twitter.com/ASUSUSA/statuses/357612236392509440	Trust: 0.8
title:	Networking	url:	http://www.asus.com/Networking/Wireless_Routers_Products/	Trust: 0.8

sources: JVNDB: JVNDB-2013-003514

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4937	Trust: 2.8
db:	BID	id:	60780	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-003514	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-570	Trust: 0.7
db:	CNVD	id:	CNVD-2013-08385	Trust: 0.6
db:	CNNVD	id:	CNNVD-201307-145	Trust: 0.6
db:	VULHUB	id:	VHN-64939	Trust: 0.1

sources: CNVD: CNVD-2013-08385 // VULHUB: VHN-64939 // BID: 60780 // JVNDB: JVNDB-2013-003514 // CNNVD: CNNVD-201307-145 // CNNVD: CNNVD-201307-570 // NVD: CVE-2013-4937

REFERENCES

url:	http://twitter.com/asususa/statuses/357612236392509440	Trust: 1.7
url:	http://reviews.cnet.com/8301-3132_7-57594003-98	Trust: 1.7
url:	http://www.securityfocus.com/bid/60780	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4937	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4937	Trust: 0.8

sources: CNVD: CNVD-2013-08385 // VULHUB: VHN-64939 // JVNDB: JVNDB-2013-003514 // CNNVD: CNNVD-201307-145 // CNNVD: CNNVD-201307-570 // NVD: CVE-2013-4937

CREDITS

Kyle Lovett

Trust: 0.6

sources: CNNVD: CNNVD-201307-145

SOURCES

db:	CNVD	id:	CNVD-2013-08385
db:	VULHUB	id:	VHN-64939
db:	BID	id:	60780
db:	JVNDB	id:	JVNDB-2013-003514
db:	CNNVD	id:	CNNVD-201307-145
db:	CNNVD	id:	CNNVD-201307-570
db:	NVD	id:	CVE-2013-4937

LAST UPDATE DATE

2024-11-23T22:23:13.851000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-08385	date:	2013-06-28T00:00:00
db:	VULHUB	id:	VHN-64939	date:	2013-07-26T00:00:00
db:	BID	id:	60780	date:	2013-07-29T13:14:00
db:	JVNDB	id:	JVNDB-2013-003514	date:	2013-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201307-145	date:	2013-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201307-570	date:	2013-08-05T00:00:00
db:	NVD	id:	CVE-2013-4937	date:	2024-11-21T01:56:43.360

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-08385	date:	2013-06-28T00:00:00
db:	VULHUB	id:	VHN-64939	date:	2013-07-26T00:00:00
db:	BID	id:	60780	date:	2013-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-003514	date:	2013-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201307-145	date:	2013-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201307-570	date:	2013-07-29T00:00:00
db:	NVD	id:	CVE-2013-4937	date:	2013-07-26T12:05:40.867