Sign-up

ID

VAR-201905-0805


CVE

CVE-2018-14713


TITLE

ASUS RT-AC3200 Vulnerabilities related to format strings

Trust: 0.8

sources: JVNDB: JVNDB-2018-015414

DESCRIPTION

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter. ASUS RT-AC3200 Contains a format string vulnerability.Information may be obtained and information may be altered. ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. This vulnerability stems from the lax filtering of parameter types and quantities when network systems or products receive external formatted strings as parameters

Trust: 1.71

sources: NVD: CVE-2018-14713 // JVNDB: JVNDB-2018-015414 // VULHUB: VHN-124900

AFFECTED PRODUCTS

vendor:asusmodel:rt-ac3200scope:eqversion:3.0.0.4.382.50010

Trust: 1.0

vendor:asustek computermodel:rt-ac3200scope:eqversion:3.0.0.4.382.50010

Trust: 0.8

sources: JVNDB: JVNDB-2018-015414 // NVD: CVE-2018-14713

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14713
value: HIGH

Trust: 1.0

NVD: CVE-2018-14713
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-291
value: HIGH

Trust: 0.6

VULHUB: VHN-124900
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14713
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-124900
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14713
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-124900 // JVNDB: JVNDB-2018-015414 // CNNVD: CNNVD-201905-291 // NVD: CVE-2018-14713

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2018-015414 // NVD: CVE-2018-14713

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-291

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-201905-291

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015414

PATCH
title:Top Pageurl:https://www.asustor.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015414

EXTERNAL IDS
db:NVDid:CVE-2018-14713
Trust: 2.5
db:JVNDBid:JVNDB-2018-015414
Trust: 0.8
db:CNNVDid:CNNVD-201905-291
Trust: 0.7
db:VULHUBid:VHN-124900
Trust: 0.1
sources:
            
            
            VULHUB: VHN-124900 // 
            
            
            
            JVNDB: JVNDB-2018-015414 // 
            
            
            
            CNNVD: CNNVD-201905-291 // 
            
            
            
            NVD: CVE-2018-14713

REFERENCES
url:https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-14713
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14713
Trust: 0.8
sources:
            
            
            VULHUB: VHN-124900 // 
            
            
            
            JVNDB: JVNDB-2018-015414 // 
            
            
            
            CNNVD: CNNVD-201905-291 // 
            
            
            
            NVD: CVE-2018-14713

SOURCES
db:VULHUBid:VHN-124900
db:JVNDBid:JVNDB-2018-015414
db:CNNVDid:CNNVD-201905-291
db:NVDid:CVE-2018-14713

LAST UPDATE DATE
2024-11-23T23:01:49.949000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-124900date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2018-015414date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-291date:2019-05-16T00:00:00
db:NVDid:CVE-2018-14713date:2024-11-21T03:49:38.970

SOURCES RELEASE DATE
db:VULHUBid:VHN-124900date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2018-015414date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-291date:2019-05-13T00:00:00
db:NVDid:CVE-2018-14713date:2019-05-13T13:29:01.137