Details of VAR-201403-0712

ID

VAR-201403-0712

TITLE

Multiple ASUS Router 'smb.xml' Authentication Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-01390

DESCRIPTION

ASUS (ASUS) is the largest hardware manufacturer in Taiwan. A variety of ASUS router products (firmware version 3.0.0.4.374.x) failed to properly restrict access to the file /smb.xml after enabling the AiCloud web service, and an attacker could exploit the vulnerability to leak sensitive information. Multiple ASUS Routers are prone to an authentication-bypass vulnerability. An attacker could leverage this issue to bypass the authentication mechanism and obtain sensitive information. The following products running firmware version 3.0.0.4.374.x are vulnerable: RT-AC68U Dual-band Wireless-AC1900 Gigabit Router RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router RT-N66R Dual-Band Wireless-N900 Gigabit Router RT-N66U Dual-Band Wireless-N900 Gigabit Router RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router RT-N56R Dual-Band Wireless-AC1200 Gigabit Router RT-N56U Dual-Band Wireless-AC1200 Gigabit Router RT-N14U Wireless-N300 Cloud Router RT-N14UHP Wireless-N300 Cloud Router RT-N16 Wireless-N300 Gigabit Router RT-N16R Wireless-N300 Gigabit Router

Trust: 0.81

sources: CNVD: CNVD-2014-01390 // BID: 65861

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01390

AFFECTED PRODUCTS

vendor:	asus	model:	rt-ac56u router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n14u router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n16 router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n56r router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n66r router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-ac66r router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-ac68u router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n14uhp router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n16r router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n56u wireless router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n66u router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-ac66u router	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n66u	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-n66r	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-n56u	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-n56r	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-n16r	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-n16	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-n14uhp	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-n14u	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-ac66r	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	rt-ac56u	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-01390 // BID: 65861

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-01390
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-01390
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-01390

THREAT TYPE

network

Trust: 0.3

sources: BID: 65861

TYPE

Unknown

Trust: 0.3

sources: BID: 65861

PATCH

title:

Patch for multiple ASUS routers 'smb.xml' authentication bypass vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/43991

Trust: 0.6

sources: CNVD: CNVD-2014-01390

EXTERNAL IDS

db:	BID	id:	65861	Trust: 0.9
db:	SECUNIA	id:	56905	Trust: 0.6
db:	CNVD	id:	CNVD-2014-01390	Trust: 0.6

sources: CNVD: CNVD-2014-01390 // BID: 65861

REFERENCES

url:	http://secunia.com/advisories/56905/	Trust: 0.6
url:	http://archives.neohapsis.com/archives/bugtraq/2014-02/0032.html	Trust: 0.3
url:	http://www.asus.com	Trust: 0.3

sources: CNVD: CNVD-2014-01390 // BID: 65861

CREDITS

kyle Lovett

Trust: 0.3

sources: BID: 65861

SOURCES

db:	CNVD	id:	CNVD-2014-01390
db:	BID	id:	65861

LAST UPDATE DATE

2022-05-17T01:51:10.409000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01390	date:	2014-03-03T00:00:00
db:	BID	id:	65861	date:	2014-02-08T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01390	date:	2014-03-03T00:00:00
db:	BID	id:	65861	date:	2014-02-08T00:00:00