Vulnerabilites related to ASUS JAPAN Inc. - RT-AC68U
jvndb-2015-000011
Vulnerability from jvndb
Published
2015-01-27 14:23
Modified
2015-06-17 16:42
Summary
Multiple ASUS wireless LAN routers vulnerable to OS command injection
Details
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.
Masashi Sakai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
"dc:date": "2015-06-17T16:42+09:00",
"dcterms:issued": "2015-01-27T14:23+09:00",
"dcterms:modified": "2015-06-17T16:42+09:00",
"description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
"sec:cpe": [
{
"#text": "cpe:/h:misc:asus_japan_rt-ac56s",
"@product": "RT-AC56S",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-ac68u",
"@product": "RT-AC68U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-ac87u",
"@product": "RT-AC87U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-n56u",
"@product": "RT-N56U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-n66u",
"@product": "RT-N66U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000011",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN77792759/index.html",
"@id": "JVN#77792759",
"@source": "JVN"
},
{
"#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269",
"@id": "CVE-2014-7269",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269",
"@id": "CVE-2014-7269",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple ASUS wireless LAN routers vulnerable to OS command injection"
}
jvndb-2015-000012
Vulnerability from jvndb
Published
2015-01-27 14:24
Modified
2015-06-17 16:42
Summary
Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery
Details
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.
Masashi Sakai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN32631078/index.html | |
| CVE | //cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7270 | |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7270 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000012.html",
"dc:date": "2015-06-17T16:42+09:00",
"dcterms:issued": "2015-01-27T14:24+09:00",
"dcterms:modified": "2015-06-17T16:42+09:00",
"description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000012.html",
"sec:cpe": [
{
"#text": "cpe:/h:misc:asus_japan_rt-ac56s",
"@product": "RT-AC56S",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-ac68u",
"@product": "RT-AC68U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-ac87u",
"@product": "RT-AC87U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-n56u",
"@product": "RT-N56U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-n66u",
"@product": "RT-N66U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000012",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN32631078/index.html",
"@id": "JVN#32631078",
"@source": "JVN"
},
{
"#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7270",
"@id": "CVE-2014-7270",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7270",
"@id": "CVE-2014-7270",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery"
}
cve-2018-0582
Vulnerability from cvelistv5
Published
2018-05-14 13:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN73742314/index.html | third-party-advisory, x_refsource_JVN | |
| https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ASUS Japan Inc. | RT-AC68U |
Version: Firmware version prior to 3.0.0.4.380.1031 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73742314",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RT-AC68U",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.4.380.1031"
}
]
}
],
"datePublic": "2018-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73742314",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RT-AC68U",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.380.1031"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73742314",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"name": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0582",
"datePublished": "2018-05-14T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}