ID

VAR-201401-0239


CVE

CVE-2013-6343


TITLE

ASUS RT-N56U and RT-AC66U Router firmware buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005890

DESCRIPTION

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. The ASUS RT-N56U and RT-AC66U are router devices developed by ASUS. The ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. ASUS RT-N56U routers running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter the 'apps_name' and 'apps_flag' parameters.

Trust: 2.52

sources: NVD: CVE-2013-6343 // JVNDB: JVNDB-2013-005890 // CNVD: CNVD-2014-00486 // BID: 65046 // VULHUB: VHN-66345

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00486

AFFECTED PRODUCTS

vendor: asus, model: tm-ac1900, scope: eq, version: 3.0.0.4..374_979

Trust: 1.6

vendor: asus, model: rt-n56u, scope: eq, version: 3.0.0.4..374_979

Trust: 1.6

vendor: asus, model: rt-ac66u, scope: eq, version: 3.0.0.4..374_979

Trust: 1.6

vendor: asustek computer, model: rt-ac66u, scope: eq, version: 3.0.0.4.374_979

Trust: 0.8

vendor: asustek computer, model: rt-n56u, scope: eq, version: 3.0.0.4.374_979

Trust: 0.8

vendor: asustek computer, model: rt-ac66u 3.0.0.4.374 979, scope: -, version: -

Trust: 0.6

vendor: asustek computer, model: rt-n56u 3.0.0.4.374 979, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2014-00486 // JVNDB: JVNDB-2013-005890 // CNNVD: CNNVD-201401-417 // NVD: CVE-2013-6343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6343
value: HIGH

Trust: 1.0

NVD: CVE-2013-6343
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-00486
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201401-417
value: CRITICAL

Trust: 0.6

VULHUB: VHN-66345
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6343
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00486
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66345
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00486 // VULHUB: VHN-66345 // JVNDB: JVNDB-2013-005890 // CNNVD: CNNVD-201401-417 // NVD: CVE-2013-6343

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-66345 // JVNDB: JVNDB-2013-005890 // NVD: CVE-2013-6343

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-417

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201401-417

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005890

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66345

PATCH

title: Top Page, url: http://www.asus.com/

Trust: 0.8

title: Cellspot router firmware update information, url: https://support.t-mobile.com/docs/DOC-21994

Trust: 0.8

title: Top Page, url: http://www.asus.com/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2013-005890

EXTERNAL IDS

db: NVD, id: CVE-2013-6343

Trust: 3.4

db: BID, id: 65046

Trust: 2.0

db: OSVDB, id: 102267

Trust: 1.7

db: EXPLOIT-DB, id: 31033

Trust: 1.1

db: JVNDB, id: JVNDB-2013-005890

Trust: 0.8

db: CNNVD, id: CNNVD-201401-417

Trust: 0.7

db: CNVD, id: CNVD-2014-00486

Trust: 0.6

db: PACKETSTORM, id: 124855

Trust: 0.1

db: SEEBUG, id: SSVID-84386

Trust: 0.1

db: SEEBUG, id: SSVID-61364

Trust: 0.1

db: VULHUB, id: VHN-66345

Trust: 0.1

sources: CNVD: CNVD-2014-00486 // VULHUB: VHN-66345 // BID: 65046 // JVNDB: JVNDB-2013-005890 // CNNVD: CNNVD-201401-417 // NVD: CVE-2013-6343

REFERENCES

url:http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html

Trust: 1.7

url:http://www.securityfocus.com/bid/65046

Trust: 1.1

url:https://support.t-mobile.com/docs/doc-21994

Trust: 1.1

url:http://www.exploit-db.com/exploits/31033

Trust: 1.1

url:http://osvdb.org/102267

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6343

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6343

Trust: 0.8

url:http://infosec42.blogspot.jp/2014/01/exploit-asus-rt-n56u-remote-root-shell.html

Trust: 0.8

url:https://bugs.webkit.org/show_bug.cgi?id=126946

Trust: 0.6

sources: CNVD: CNVD-2014-00486 // VULHUB: VHN-66345 // JVNDB: JVNDB-2013-005890 // CNNVD: CNNVD-201401-417 // NVD: CVE-2013-6343

CREDITS

Jacob Holcomb

Trust: 0.3

sources: BID: 65046

SOURCES

db: CNVD, id: CNVD-2014-00486
db: VULHUB, id: VHN-66345
db: BID, id: 65046
db: JVNDB, id: JVNDB-2013-005890
db: CNNVD, id: CNNVD-201401-417
db: NVD, id: CVE-2013-6343

LAST UPDATE DATE

2024-11-23T23:05:48.491000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00486, date: 2014-01-22T00:00:00
db: VULHUB, id: VHN-66345, date: 2016-12-31T00:00:00
db: BID, id: 65046, date: 2014-01-21T00:00:00
db: JVNDB, id: JVNDB-2013-005890, date: 2016-02-10T00:00:00
db: CNNVD, id: CNNVD-201401-417, date: 2014-01-24T00:00:00
db: NVD, id: CVE-2013-6343, date: 2024-11-21T01:59:02.770

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00486, date: 2014-01-22T00:00:00
db: VULHUB, id: VHN-66345, date: 2014-01-22T00:00:00
db: BID, id: 65046, date: 2014-01-21T00:00:00
db: JVNDB, id: JVNDB-2013-005890, date: 2014-01-24T00:00:00
db: CNNVD, id: CNNVD-201401-417, date: 2014-01-24T00:00:00
db: NVD, id: CVE-2013-6343, date: 2014-01-22T05:22:12.737