ID

VAR-201509-0182


CVE

CVE-2015-6949


TITLE

ASUS TM-AC1900 Router stack-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-004714

DESCRIPTION

Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP header parsing routine. The issue lies in the failure to check the size of header values. An attacker could leverage this vulnerability to execute code within the context of root. The ASUS TM-AC1900 is a wireless router. ASUS TM-AC1900 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition.

Trust: 3.15

sources: NVD: CVE-2015-6949 // JVNDB: JVNDB-2015-004714 // ZDI: ZDI-15-409 // CNVD: CNVD-2015-06026 // BID: 76621 // VULHUB: VHN-84910

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06026

AFFECTED PRODUCTS

vendor: asus, model: tm-1900, scope: eq, version: -

Trust: 1.6

vendor: asus, model: tm-ac1900, scope: -, version: -

Trust: 1.3

vendor: asustek computer, model: tm-ac1900, scope: -, version: -

Trust: 0.8

vendor: asus, model: tm-ac1900, scope: eq, version: 0

Trust: 0.3

sources: ZDI: ZDI-15-409 // CNVD: CNVD-2015-06026 // BID: 76621 // JVNDB: JVNDB-2015-004714 // CNNVD: CNNVD-201509-182 // NVD: CVE-2015-6949

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6949
value: HIGH

Trust: 1.0

NVD: CVE-2015-6949
value: HIGH

Trust: 0.8

ZDI: CVE-2015-6949
value: HIGH

Trust: 0.7

CNVD: CNVD-2015-06026
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201509-182
value: CRITICAL

Trust: 0.6

VULHUB: VHN-84910
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6949
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2015-6949
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2015-06026
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84910
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-15-409 // CNVD: CNVD-2015-06026 // VULHUB: VHN-84910 // JVNDB: JVNDB-2015-004714 // CNNVD: CNNVD-201509-182 // NVD: CVE-2015-6949

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-84910 // JVNDB: JVNDB-2015-004714 // NVD: CVE-2015-6949

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-182

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201509-182

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004714

PATCH

title: TM-AC1900, url: http://www.asus.com/jp/supportonly/TM-AC1900/HelpDesk_Download/

Trust: 0.8

sources: JVNDB: JVNDB-2015-004714

EXTERNAL IDS

db: ZDI, id: ZDI-15-409

Trust: 4.1

db: NVD, id: CVE-2015-6949

Trust: 3.8

db: SECTRACK, id: 1033560

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004714

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3035

Trust: 0.7

db: CNVD, id: CNVD-2015-06026

Trust: 0.6

db: CNNVD, id: CNNVD-201509-182

Trust: 0.6

db: BID, id: 76621

Trust: 0.3

db: SEEBUG, id: SSVID-89569

Trust: 0.1

db: VULHUB, id: VHN-84910

Trust: 0.1

sources: ZDI: ZDI-15-409 // CNVD: CNVD-2015-06026 // VULHUB: VHN-84910 // BID: 76621 // JVNDB: JVNDB-2015-004714 // CNNVD: CNNVD-201509-182 // NVD: CVE-2015-6949

REFERENCES

url:http://www.zerodayinitiative.com/advisories/zdi-15-409/

Trust: 1.7

url:http://www.zerodayinitiative.com/advisories/zdi-15-409

Trust: 1.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6949

Trust: 1.4

url:http://www.securitytracker.com/id/1033560

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6949

Trust: 0.8

url:http://www.asus.com/networking/rtn56u/

Trust: 0.3

sources: CNVD: CNVD-2015-06026 // VULHUB: VHN-84910 // BID: 76621 // JVNDB: JVNDB-2015-004714 // CNNVD: CNNVD-201509-182 // NVD: CVE-2015-6949

CREDITS

Elvis Collado - HP DVLabs

Trust: 0.7

sources: ZDI: ZDI-15-409

SOURCES

db: ZDI, id: ZDI-15-409
db: CNVD, id: CNVD-2015-06026
db: VULHUB, id: VHN-84910
db: BID, id: 76621
db: JVNDB, id: JVNDB-2015-004714
db: CNNVD, id: CNNVD-201509-182
db: NVD, id: CVE-2015-6949

LAST UPDATE DATE

2024-11-23T22:52:42.797000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-15-409, date: 2015-09-02T00:00:00
db: CNVD, id: CNVD-2015-06026, date: 2015-09-17T00:00:00
db: VULHUB, id: VHN-84910, date: 2016-12-22T00:00:00
db: BID, id: 76621, date: 2015-09-02T00:00:00
db: JVNDB, id: JVNDB-2015-004714, date: 2015-09-17T00:00:00
db: CNNVD, id: CNNVD-201509-182, date: 2015-09-16T00:00:00
db: NVD, id: CVE-2015-6949, date: 2024-11-21T02:35:56.307

SOURCES RELEASE DATE

db: ZDI, id: ZDI-15-409, date: 2015-09-02T00:00:00
db: CNVD, id: CNVD-2015-06026, date: 2015-09-17T00:00:00
db: VULHUB, id: VHN-84910, date: 2015-09-15T00:00:00
db: BID, id: 76621, date: 2015-09-02T00:00:00
db: JVNDB, id: JVNDB-2015-004714, date: 2015-09-17T00:00:00
db: CNNVD, id: CNNVD-201509-182, date: 2015-09-16T00:00:00
db: NVD, id: CVE-2015-6949, date: 2015-09-15T18:59:09.133