Details of VAR-201404-0120

ID

VAR-201404-0120

CVE

CVE-2013-5948

TITLE

ASUS RT-N56U Router Remote Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-07304 // CNNVD: CNNVD-201306-195

DESCRIPTION

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). ASUS RT-N56U is a wireless router product from ASUS Taiwan. A remote command injection vulnerability exists in the ASUS RT-N56U router, which originated from the program's incorrect filtering of user-submitted input. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device. This vulnerability exists in ASUS RT-N56U routers running version 3.0.0.4.360 firmware. This may facilitate a complete compromise of an affected device

Trust: 3.87

sources: NVD: CVE-2013-5948 // JVNDB: JVNDB-2013-006342 // CNVD: CNVD-2013-07304 // CNVD: CNVD-2014-02646 // CNNVD: CNNVD-201306-195 // BID: 67672 // BID: 60431 // VULHUB: VHN-65950

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2013-07304 // CNVD: CNVD-2014-02646

AFFECTED PRODUCTS

vendor:	asus	model:	rt-ac68u	scope:	eq	version:	3.0.0.4.374.4755	Trust: 2.2
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	3.0.0.4.374_4561	Trust: 1.6
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	3.0.0.4.374_4887	Trust: 1.6
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	-	Trust: 1.0
vendor:	t mobile	model:	tm-ac1900	scope:	eq	version:	3.0.0.4.376_3169	Trust: 1.0
vendor:	asus	model:	rt-ac68u 3.0.0.4.374 4887	scope:	-	version:	-	Trust: 0.9
vendor:	asustek computer	model:	rt-ac68u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ac68u	scope:	lt	version:	3.0.0.4.374.5047	Trust: 0.8
vendor:	asus	model:	rt-n56u	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-ac68u 3.0.0.4.374 4561	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-ac68u 3.0.0.4.374 4755	scope:	-	version:	-	Trust: 0.3
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	3.0.0.4.374.4561	Trust: 0.3
vendor:	asus	model:	rt-ac68u	scope:	ne	version:	3.0.0.4.374.5656	Trust: 0.3

sources: CNVD: CNVD-2013-07304 // CNVD: CNVD-2014-02646 // BID: 67672 // JVNDB: JVNDB-2013-006342 // CNNVD: CNNVD-201404-426 // NVD: CVE-2013-5948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5948
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5948
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-07304
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2014-02646
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-426
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65950
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5948
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-07304
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2014-02646
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65950
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-07304 // CNVD: CNVD-2014-02646 // VULHUB: VHN-65950 // JVNDB: JVNDB-2013-006342 // CNNVD: CNNVD-201404-426 // NVD: CVE-2013-5948

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-65950 // JVNDB: JVNDB-2013-006342 // NVD: CVE-2013-5948

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201306-195 // CNNVD: CNNVD-201404-426

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 67672 // BID: 60431

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006342

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-65950

PATCH

title:	RT-AC68U	url:	http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/	Trust: 0.8
title:	RT-N66U	url:	http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29	Trust: 0.8
title:	Cellspot router firmware update information	url:	https://support.t-mobile.com/docs/DOC-21994	Trust: 0.8
title:	ASUS RT-AC68U other RT series routers with firmware patch for any command execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/45157	Trust: 0.6

sources: CNVD: CNVD-2014-02646 // JVNDB: JVNDB-2013-006342

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5948	Trust: 3.4
db:	BID	id:	60431	Trust: 1.5
db:	JVNDB	id:	JVNDB-2013-006342	Trust: 0.8
db:	EXPLOIT-DB	id:	25998	Trust: 0.7
db:	CNNVD	id:	CNNVD-201404-426	Trust: 0.7
db:	CNVD	id:	CNVD-2013-07304	Trust: 0.6
db:	CNVD	id:	CNVD-2014-02646	Trust: 0.6
db:	CNNVD	id:	CNNVD-201306-195	Trust: 0.6
db:	FULLDISC	id:	20140404 RE: REMOTE COMMAND EXECUTION WITHIN THE ASUS RT-AC68U MANAGING WEB INTERFACE	Trust: 0.6
db:	FULLDISC	id:	20140404 REFLECTED CROSS-SITE SCRIPTING WITHIN THE ASUS RT-AC68U MANAGING WEB INTERFACE	Trust: 0.6
db:	BID	id:	67672	Trust: 0.4
db:	SEEBUG	id:	SSVID-79649	Trust: 0.1
db:	VULHUB	id:	VHN-65950	Trust: 0.1

sources: CNVD: CNVD-2013-07304 // CNVD: CNVD-2014-02646 // VULHUB: VHN-65950 // BID: 67672 // BID: 60431 // JVNDB: JVNDB-2013-006342 // CNNVD: CNNVD-201306-195 // CNNVD: CNNVD-201404-426 // NVD: CVE-2013-5948

REFERENCES

url:	http://seclists.org/fulldisclosure/2014/apr/66	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2014/apr/59	Trust: 2.3
url:	http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29	Trust: 1.7
url:	https://support.t-mobile.com/docs/doc-21994	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5948	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5948	Trust: 0.8
url:	http://www.exploit-db.com/exploits/25998	Trust: 0.6
url:	http://www.securityfocus.com/bid/60431	Trust: 0.6
url:	http://www.asus.com/	Trust: 0.3
url:	http://support.asus.com/download.aspx?slanguage=en&p=11&s=2&m=rt-ac68u&os=30&ft=20	Trust: 0.3

sources: CNVD: CNVD-2013-07304 // CNVD: CNVD-2014-02646 // VULHUB: VHN-65950 // BID: 67672 // JVNDB: JVNDB-2013-006342 // CNNVD: CNNVD-201306-195 // CNNVD: CNNVD-201404-426 // NVD: CVE-2013-5948

CREDITS

drone

Trust: 0.9

sources: BID: 60431 // CNNVD: CNNVD-201306-195

SOURCES

db:	CNVD	id:	CNVD-2013-07304
db:	CNVD	id:	CNVD-2014-02646
db:	VULHUB	id:	VHN-65950
db:	BID	id:	67672
db:	BID	id:	60431
db:	JVNDB	id:	JVNDB-2013-006342
db:	CNNVD	id:	CNNVD-201306-195
db:	CNNVD	id:	CNNVD-201404-426
db:	NVD	id:	CVE-2013-5948

LAST UPDATE DATE

2024-08-14T14:46:47.114000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-07304	date:	2013-06-14T00:00:00
db:	CNVD	id:	CNVD-2014-02646	date:	2014-04-25T00:00:00
db:	VULHUB	id:	VHN-65950	date:	2016-06-30T00:00:00
db:	BID	id:	67672	date:	2014-04-22T00:00:00
db:	BID	id:	60431	date:	2014-04-08T00:57:00
db:	JVNDB	id:	JVNDB-2013-006342	date:	2016-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201306-195	date:	2013-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201404-426	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2013-5948	date:	2016-06-30T15:54:15.843

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-07304	date:	2013-06-14T00:00:00
db:	CNVD	id:	CNVD-2014-02646	date:	2014-04-25T00:00:00
db:	VULHUB	id:	VHN-65950	date:	2014-04-22T00:00:00
db:	BID	id:	67672	date:	2014-04-22T00:00:00
db:	BID	id:	60431	date:	2013-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2013-006342	date:	2014-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201306-195	date:	2013-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201404-426	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2013-5948	date:	2014-04-22T13:06:25.070