Details of VAR-201501-0697

ID

VAR-201501-0697

CVE

CVE-2014-9583

TITLE

plural ASUS Used in router WRT Vulnerabilities that can bypass authentication in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-007550

DESCRIPTION

common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. The vulnerability was initially CVE-2014-10000 It was numbered. But that ID Is 2014 Of year CVE ID It became invalid due to the configuration change.By a third party UDP port 9999 of NET_CMD_ID_MANU_CMD Authentication may be bypassed and arbitrary commands may be executed via packets. Asuswrt 'infosvr' has a remote command execution vulnerability because the application did not adequately filter the input data. ASUSWRT is ASUS router firmware. In the ASUS WRT 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52 version, the common.c of infosvr failed to correctly check the requested MAC address. This could allow a remote attacker to send NET_CMD_ID_MANU_CMD packets to UDP port 9999. This vulnerability bypasses authentication and executes arbitrary commands. Asuswrt 3.0.0.4.376_1071 is vulnerable; other versions may also be affected. <p><strong> Vulnerability Summary </strong></p><p>2014 Year 10 moon 3 Day, foreign security researcher Joshua J. Drake in him github ( <a href="https://github.com/jduck">https://github.com/jduck</a> ) submitted a remote command execution vulnerability against ASUS routers poc ( <a href="https://github.com/jduck/asus-cmd">https://github.com/jduck/asus-cmd</a> ). </p><h4>a)     Vulnerability description </h4><p> asus router R series routers using the open source router system  <a href="https://github.com/RMerl/asuswrt-merlin" target="_blank">Asuswrt</a> , the open source code brings us a lot of convenience for subsequent vulnerability analysis without reverse analysis. exist Asuswrt exists in  <a href="https://github.com/RMerl/asuswrt-merlin/tree/master/release/src/router/infosvr" target="_blank">infosvr</a>  process, which listens on 0.0.0.0 IP on, monitor any IP of 9999 UDP port. </p><h4>b)     Vulnerability impact </h4><p> according to Joshua J. Drake exist github According to the above analysis, the affected versions are as follows: </p><p><img src="http://blog.knownsec.com/wp-content/uploads/2015/01/1.jpg" alt="1" width="492"..

Trust: 3.15

sources: NVD: CVE-2014-9583 // JVNDB: JVNDB-2014-007550 // CNVD: CNVD-2015-00156 // CNVD: CNVD-2015-00409 // BID: 71889 // VULHUB: VHN-77528 // VULMON: CVE-2014-9583

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2015-00156 // CNVD: CNVD-2015-00409

AFFECTED PRODUCTS

vendor:	asus	model:	wrt	scope:	eq	version:	3.0.0.4.376_1071	Trust: 1.6
vendor:	asus	model:	wrt	scope:	eq	version:	3.0.0.4.376.2524-g0012f52	Trust: 1.6
vendor:	t mobile	model:	tm-ac1900	scope:	eq	version:	3.0.0.4.376_3169	Trust: 1.0
vendor:	asustek computer	model:	rt-ac66u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-n66u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	wrt	scope:	eq	version:	3.0.0.376.2524-g0013f52	Trust: 0.8
vendor:	asustek computer	model:	wrt	scope:	eq	version:	3.0.0.4.376_1071	Trust: 0.8
vendor:	asustek computer	model:	asuswrt 3.0.0.4.376 1071	scope:	-	version:	-	Trust: 0.6
vendor:	asustek computer	model:	wrt 3.0.0.4.376.2524-g0012f52	scope:	-	version:	-	Trust: 0.6
vendor:	asustek computer	model:	wrt 3.0.0.4.376 1071	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2015-00156 // CNVD: CNVD-2015-00409 // JVNDB: JVNDB-2014-007550 // CNNVD: CNNVD-201501-143 // NVD: CVE-2014-9583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9583
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9583
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-00156
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2015-00409
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201501-143
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-77528
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-9583
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9583
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-00156
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-00409
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-77528
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-00156 // CNVD: CNVD-2015-00409 // VULHUB: VHN-77528 // VULMON: CVE-2014-9583 // JVNDB: JVNDB-2014-007550 // CNNVD: CNNVD-201501-143 // NVD: CVE-2014-9583

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-77528 // JVNDB: JVNDB-2014-007550 // NVD: CVE-2014-9583

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-143

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201501-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007550

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-77528 // VULMON: CVE-2014-9583

PATCH

title:	ASUS Router infosvr UDP Broadcast root Command Execution	url:	https://github.com/jduck/asus-cmd	Trust: 0.8
title:	Cellspot router firmware update information	url:	https://support.t-mobile.com/docs/DOC-21994	Trust: 0.8
title:	GPL_RT_N66U_30043762524	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53192	Trust: 0.6
title:	asus-cmd	url:	https://github.com/jduck/asus-cmd	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/asus-patches-root-command-execution-flaws-haunting-over-a-dozen-router-models/129666/	Trust: 0.1

sources: VULMON: CVE-2014-9583 // JVNDB: JVNDB-2014-007550 // CNNVD: CNNVD-201501-143

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9583	Trust: 3.5
db:	PACKETSTORM	id:	129815	Trust: 2.6
db:	EXPLOIT-DB	id:	35688	Trust: 2.4
db:	BID	id:	71889	Trust: 1.6
db:	EXPLOIT-DB	id:	44524	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-007550	Trust: 0.8
db:	CNVD	id:	CNVD-2015-00156	Trust: 0.6
db:	EXPLOITDB	id:	35688	Trust: 0.6
db:	CNVD	id:	CNVD-2015-00409	Trust: 0.6
db:	CNNVD	id:	CNNVD-201501-143	Trust: 0.6
db:	PACKETSTORM	id:	147284	Trust: 0.1
db:	SEEBUG	id:	SSVID-89236	Trust: 0.1
db:	VULHUB	id:	VHN-77528	Trust: 0.1
db:	VULMON	id:	CVE-2014-9583	Trust: 0.1

sources: CNVD: CNVD-2015-00156 // CNVD: CNVD-2015-00409 // VULHUB: VHN-77528 // VULMON: CVE-2014-9583 // BID: 71889 // JVNDB: JVNDB-2014-007550 // CNNVD: CNNVD-201501-143 // NVD: CVE-2014-9583

REFERENCES

url:	http://packetstormsecurity.com/files/129815/asuswrt-3.0.0.4.376_1071-lan-backdoor-command-execution.html	Trust: 2.6
url:	https://github.com/jduck/asus-cmd	Trust: 1.9
url:	http://www.exploit-db.com/exploits/35688	Trust: 1.8
url:	https://www.exploit-db.com/exploits/44524/	Trust: 1.3
url:	http://www.securityfocus.com/bid/71889	Trust: 1.2
url:	https://support.t-mobile.com/docs/doc-21994	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9583	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9583	Trust: 0.8
url:	http://dlcdnet.asus.com/pub/asus/wireless/rt-n66u_b1/fw_rt_n66u_30043762524.zip	Trust: 0.6
url:	http://www.exploit-db.com/exploits/35688/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Friedrich Postelstorfer

Trust: 0.9

sources: BID: 71889 // CNNVD: CNNVD-201501-143

SOURCES

db:	CNVD	id:	CNVD-2015-00156
db:	CNVD	id:	CNVD-2015-00409
db:	VULHUB	id:	VHN-77528
db:	VULMON	id:	CVE-2014-9583
db:	BID	id:	71889
db:	JVNDB	id:	JVNDB-2014-007550
db:	CNNVD	id:	CNNVD-201501-143
db:	NVD	id:	CVE-2014-9583

LAST UPDATE DATE

2024-11-23T22:56:30.688000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-00156	date:	2015-01-09T00:00:00
db:	CNVD	id:	CNVD-2015-00409	date:	2020-03-10T00:00:00
db:	VULHUB	id:	VHN-77528	date:	2018-04-27T00:00:00
db:	VULMON	id:	CVE-2014-9583	date:	2018-04-27T00:00:00
db:	BID	id:	71889	date:	2015-01-15T00:03:00
db:	JVNDB	id:	JVNDB-2014-007550	date:	2016-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201501-143	date:	2015-01-14T00:00:00
db:	NVD	id:	CVE-2014-9583	date:	2024-11-21T02:21:11.230

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-00156	date:	2015-01-09T00:00:00
db:	CNVD	id:	CNVD-2015-00409	date:	2015-01-19T00:00:00
db:	VULHUB	id:	VHN-77528	date:	2015-01-08T00:00:00
db:	VULMON	id:	CVE-2014-9583	date:	2015-01-08T00:00:00
db:	BID	id:	71889	date:	2015-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2014-007550	date:	2015-01-13T00:00:00
db:	CNNVD	id:	CNNVD-201501-143	date:	2015-01-08T00:00:00
db:	NVD	id:	CVE-2014-9583	date:	2015-01-08T20:59:02.243