Details of VAR-201404-0636

ID

VAR-201404-0636

CVE

CVE-2014-2719

TITLE

ASUS RT-Series Wireless Routers 'Advanced_System_Content.asp' Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-02538 // BID: 66954

DESCRIPTION

Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT-Series Wireless Routers is a wireless router device. ASUS RT-Series Wireless Routers 'Advanced_System_Content.asp' has an information disclosure vulnerability that allows an attacker to exploit a vulnerability to obtain sensitive information. ASUS RT-Series running firmware versions prior to 3.0.0.4.374.5517 are vulnerable

Trust: 2.52

sources: NVD: CVE-2014-2719 // JVNDB: JVNDB-2014-002210 // CNVD: CNVD-2014-02538 // BID: 66954 // VULHUB: VHN-70658

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-02538

AFFECTED PRODUCTS

vendor:	asus	model:	rt-n56u	scope:	eq	version:	3.0.0.4.318	Trust: 1.6
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.4.220	Trust: 1.6
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	3.0.0.4.374_4887	Trust: 1.6
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.8n	Trust: 1.6
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	3.0.0.4.374.4755	Trust: 1.6
vendor:	asus	model:	rt-n66u	scope:	eq	version:	3.0.0.4.370	Trust: 1.6
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.8j	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.246	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.3.176	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	1.0.1.9	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.4.334	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.260	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	7.0.2.38b	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	8.1.1.4	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.4.342	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	3.0.0.4.360	Trust: 1.0
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.20	Trust: 1.0
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	-	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	7.0.1.32	Trust: 1.0
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.16	Trust: 1.0
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.25	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.3.162	Trust: 1.0
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.24	Trust: 1.0
vendor:	asus	model:	rt-n14u	scope:	eq	version:	3.0.0.4.356	Trust: 1.0
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.10	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.3.134	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.4	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.354	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.8l	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.4.246	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.4.346	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.4.260	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.4o	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	1.0.2.3	Trust: 1.0
vendor:	asus	model:	rt-n65u	scope:	eq	version:	3.0.0.4.260	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.140	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.7c	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.3.178	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.220	Trust: 1.0
vendor:	asus	model:	rt-ac68u	scope:	eq	version:	3.0.0.4.374_4561	Trust: 1.0
vendor:	asus	model:	rt-n14u	scope:	eq	version:	3.0.0.4.322	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	7.0.1.21	Trust: 1.0
vendor:	t mobile	model:	tm-ac1900	scope:	eq	version:	3.0.0.4.376_3169	Trust: 1.0
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.270	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	3.0.0.4.334	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	3.0.0.4.342	Trust: 1.0
vendor:	asus	model:	rt-n66u	scope:	eq	version:	3.0.0.4.272	Trust: 1.0
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.19	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.3.108	Trust: 1.0
vendor:	asus	model:	rt-n16	scope:	eq	version:	3.0.0.4.354	Trust: 1.0
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.7	Trust: 1.0
vendor:	asus	model:	rt-n56u	scope:	eq	version:	1.0.1.7f	Trust: 1.0
vendor:	asustek computer	model:	rt-ac66u	scope:	lt	version:	3.0.0.4.374.5517	Trust: 0.8
vendor:	asustek computer	model:	rt-ac68u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ac68u	scope:	lt	version:	3.0.0.4.374.5517	Trust: 0.8
vendor:	asustek computer	model:	rt-n10e	scope:	lt	version:	3.0.0.4.374.5517	Trust: 0.8
vendor:	asustek computer	model:	rt-n14u	scope:	lt	version:	3.0.0.4.374.5517	Trust: 0.8
vendor:	asustek computer	model:	rt-n16	scope:	lt	version:	3.0.0.4.374.5517	Trust: 0.8
vendor:	asustek computer	model:	rt-n56u	scope:	lt	version:	3.0.0.4.374.5517	Trust: 0.8
vendor:	asustek computer	model:	rt-n65u	scope:	lt	version:	3.0.0.4.374.5517	Trust: 0.8
vendor:	asustek computer	model:	rt-n66u	scope:	lt	version:	3.0.0.4.374.5517	Trust: 0.8
vendor:	asus	model:	rt-series wireless routers	scope:	lte	version:	<=3.0.0.4.374.5517	Trust: 0.6

sources: CNVD: CNVD-2014-02538 // JVNDB: JVNDB-2014-002210 // CNNVD: CNNVD-201404-434 // NVD: CVE-2014-2719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2719
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2719
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02538
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-434
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70658
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2719
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02538
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-70658
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-02538 // VULHUB: VHN-70658 // JVNDB: JVNDB-2014-002210 // CNNVD: CNNVD-201404-434 // NVD: CVE-2014-2719

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-70658 // JVNDB: JVNDB-2014-002210 // NVD: CVE-2014-2719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-434

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201404-434

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002210

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-70658

PATCH

title:	RT-N66U	url:	http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29	Trust: 0.8
title:	Cellspot router firmware update information	url:	https://support.t-mobile.com/docs/DOC-21994	Trust: 0.8
title:	ASUS RT-Series Wireless Routers 'Advanced_System_Content.asp' Patch for Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/45075	Trust: 0.6

sources: CNVD: CNVD-2014-02538 // JVNDB: JVNDB-2014-002210

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2719	Trust: 3.1
db:	BID	id:	66954	Trust: 0.9
db:	JVNDB	id:	JVNDB-2014-002210	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-434	Trust: 0.7
db:	CNVD	id:	CNVD-2014-02538	Trust: 0.6
db:	FULLDISC	id:	20140416 ASUS RT-XXXX SOHO ROUTERS EXPOSE ADMIN PASSWORD, FIXED IN 3.0.0.4.374.5517	Trust: 0.6
db:	PACKETSTORM	id:	126213	Trust: 0.1
db:	VULHUB	id:	VHN-70658	Trust: 0.1

sources: CNVD: CNVD-2014-02538 // VULHUB: VHN-70658 // BID: 66954 // JVNDB: JVNDB-2014-002210 // CNNVD: CNNVD-201404-434 // NVD: CVE-2014-2719

REFERENCES

url:	http://seclists.org/fulldisclosure/2014/apr/225	Trust: 2.3
url:	http://support.asus.com/download.aspx?m=rt-n66u+%28ver.b1%29	Trust: 1.7
url:	http://dnlongen.blogspot.com/2014/04/cve-2014-2719-asus-rt-password-disclosure.html	Trust: 1.7
url:	https://support.t-mobile.com/docs/doc-21994	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2719	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2719	Trust: 0.8
url:	http://dnlongen.blogspot.jp/2014/04/cve-2014-2719-asus-rt-password-disclosure.html	Trust: 0.8
url:	http://www.asus.com/	Trust: 0.3

sources: CNVD: CNVD-2014-02538 // VULHUB: VHN-70658 // BID: 66954 // JVNDB: JVNDB-2014-002210 // CNNVD: CNNVD-201404-434 // NVD: CVE-2014-2719

CREDITS

David Longenecker

Trust: 0.3

sources: BID: 66954

SOURCES

db:	CNVD	id:	CNVD-2014-02538
db:	VULHUB	id:	VHN-70658
db:	BID	id:	66954
db:	JVNDB	id:	JVNDB-2014-002210
db:	CNNVD	id:	CNNVD-201404-434
db:	NVD	id:	CVE-2014-2719

LAST UPDATE DATE

2024-11-23T22:27:20.259000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02538	date:	2014-04-21T00:00:00
db:	VULHUB	id:	VHN-70658	date:	2016-06-30T00:00:00
db:	BID	id:	66954	date:	2014-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-002210	date:	2016-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201404-434	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-2719	date:	2024-11-21T02:06:49.840

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-02538	date:	2014-04-21T00:00:00
db:	VULHUB	id:	VHN-70658	date:	2014-04-22T00:00:00
db:	BID	id:	66954	date:	2014-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-002210	date:	2014-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201404-434	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-2719	date:	2014-04-22T13:06:29.493