Sign-up

ID

VAR-201502-0454


CVE

CVE-2014-7269


TITLE

Multiple ASUS wireless LAN routers vulnerable to OS command injection

Trust: 0.8

sources: JVNDB: JVNDB-2015-000011

DESCRIPTION

ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page. ASUS RT Series Routers has an unspecified command injection vulnerability because it failed to properly filter user-supplied input. Allows an attacker to execute arbitrary operating system commands in the context of the affected device. A security vulnerability exists in several ASUS routers

Trust: 2.52

sources: NVD: CVE-2014-7269 // JVNDB: JVNDB-2015-000011 // CNVD: CNVD-2015-00880 // BID: 72390 // VULHUB: VHN-75214

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-00880

AFFECTED PRODUCTS

vendor:asusmodel:rt-ac56sscope:lteversion:3.0.0.4.376.3715

Trust: 1.0

vendor:asusmodel:rt-ac68uscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rt-ac56sscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rt-ac68uscope:lteversion:3.0.0.4.376.3715

Trust: 1.0

vendor:asusmodel:rt-n66uscope:lteversion:3.0.0.4.376.3715

Trust: 1.0

vendor:asusmodel:rt-n56uscope:lteversion:3.0.0.376.3715

Trust: 1.0

vendor:asusmodel:rt-ac87uscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rt-n56uscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rt-n66uscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rt-ac87uscope:lteversion:3.0.0.4.378.3754

Trust: 1.0

vendor:asusmodel:rt-n66uscope:eqversion:3.0.0.4.376.3715

Trust: 0.9

vendor:asusmodel:rt-ac87uscope:eqversion:3.0.0.4.378.3754

Trust: 0.9

vendor:asusmodel:rt-ac68uscope:eqversion:3.0.0.4.376.3715

Trust: 0.9

vendor:asusmodel:rt-ac56sscope:eqversion:3.0.0.4.376.3715

Trust: 0.9

vendor:asusmodel:rt-ac56sscope:eqversion:firmware prior to 3.0.0.4.378.6065

Trust: 0.8

vendor:asusmodel:rt-ac68uscope:eqversion:firmware prior to 3.0.0.4.378.6152

Trust: 0.8

vendor:asusmodel:rt-ac87uscope:eqversion:firmware prior to 3.0.0.4.378.6065

Trust: 0.8

vendor:asusmodel:rt-n56uscope:eqversion:firmware prior to 3.0.0.4.378.6065

Trust: 0.8

vendor:asusmodel:rt-n66uscope:eqversion:firmware prior to 3.0.0.4.378.6065

Trust: 0.8

vendor:asusmodel:rt-series routersscope: - version: -

Trust: 0.6

vendor:asusmodel:rt-n56uscope:eqversion:3.0.0.376.3715

Trust: 0.6

vendor:asusmodel:rt-n56uscope:eqversion:3.0.0.4.376.3715

Trust: 0.3

sources: CNVD: CNVD-2015-00880 // BID: 72390 // JVNDB: JVNDB-2015-000011 // CNNVD: CNNVD-201502-002 // NVD: CVE-2014-7269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-7269
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2015-000011
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-00880
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-002
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75214
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-7269
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2015-000011
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-00880
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-75214
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-00880 // VULHUB: VHN-75214 // JVNDB: JVNDB-2015-000011 // CNNVD: CNNVD-201502-002 // NVD: CVE-2014-7269

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-75214 // JVNDB: JVNDB-2015-000011 // NVD: CVE-2014-7269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-002

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201502-002

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-000011

PATCH
title:Firmware for wireless LAN routers that addressed cross-site request forgery and OS command injection vulnerabilities are availableurl:http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR
Trust: 0.8
title:ASUS RT Series Routers has patches for unspecified command injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/54909
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-00880 // 
            
            
            
            JVNDB: JVNDB-2015-000011

EXTERNAL IDS
db:NVDid:CVE-2014-7269
Trust: 3.4
db:JVNid:JVN77792759
Trust: 2.8
db:JVNDBid:JVNDB-2015-000011
Trust: 2.5
db:BIDid:72390
Trust: 1.0
db:CNNVDid:CNNVD-201502-002
Trust: 0.7
db:CNVDid:CNVD-2015-00880
Trust: 0.6
db:VULHUBid:VHN-75214
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-00880 // 
            
            
            
            VULHUB: VHN-75214 // 
            
            
            
            BID: 72390 // 
            
            
            
            JVNDB: JVNDB-2015-000011 // 
            
            
            
            CNNVD: CNNVD-201502-002 // 
            
            
            
            NVD: CVE-2014-7269

REFERENCES
url:http://jvn.jp/en/jp/jvn77792759/index.html
Trust: 2.8
url:http://www.asus.com/jp/news/pnzpd7vkxtrkwxhr
Trust: 1.7
url:http://jvndb.jvn.jp/jvndb/jvndb-2015-000011
Trust: 1.7
url://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7269
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7269
Trust: 0.8
url:http://www.securityfocus.com/bid/72390
Trust: 0.6
url:http://www.asus.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-00880 // 
            
            
            
            VULHUB: VHN-75214 // 
            
            
            
            BID: 72390 // 
            
            
            
            JVNDB: JVNDB-2015-000011 // 
            
            
            
            CNNVD: CNNVD-201502-002 // 
            
            
            
            NVD: CVE-2014-7269

CREDITS
Masashi Sakai
Trust: 0.3
sources:
            
            
            BID: 72390

SOURCES
db:CNVDid:CNVD-2015-00880
db:VULHUBid:VHN-75214
db:BIDid:72390
db:JVNDBid:JVNDB-2015-000011
db:CNNVDid:CNNVD-201502-002
db:NVDid:CVE-2014-7269

LAST UPDATE DATE
2024-11-23T22:49:23.820000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-00880date:2015-02-04T00:00:00
db:VULHUBid:VHN-75214date:2015-02-04T00:00:00
db:BIDid:72390date:2015-01-28T00:00:00
db:JVNDBid:JVNDB-2015-000011date:2015-06-17T00:00:00
db:CNNVDid:CNNVD-201502-002date:2015-02-03T00:00:00
db:NVDid:CVE-2014-7269date:2024-11-21T02:16:38.947

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-00880date:2015-02-03T00:00:00
db:VULHUBid:VHN-75214date:2015-02-01T00:00:00
db:BIDid:72390date:2015-01-28T00:00:00
db:JVNDBid:JVNDB-2015-000011date:2015-01-27T00:00:00
db:CNNVDid:CNNVD-201502-002date:2015-02-03T00:00:00
db:NVDid:CVE-2014-7269date:2015-02-01T15:59:01.917