Vulnerabilites related to asus - tm-ac1900
Vulnerability from fkie_nvd
Published
2014-01-22 05:22
Modified
2024-11-21 01:59
Severity ?
Summary
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | tm-ac1900_firmware | 3.0.0.4..374_979 | |
| asus | tm-ac1900 | - | |
| asus | rt-n56u_firmware | 3.0.0.4..374_979 | |
| asus | rt-n56u | - | |
| asus | rt-ac66u_firmware | 3.0.0.4..374_979 | |
| asus | rt-ac66u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:tm-ac1900_firmware:3.0.0.4..374_979:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD9DC72-BBEA-4152-9109-2C0136832B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:tm-ac1900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7BB1518-24C4-4822-A040-9AB8F16B1C53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-n56u_firmware:3.0.0.4..374_979:*:*:*:*:*:*:*",
"matchCriteriaId": "5D76427C-05A6-475E-A199-3E86683CF266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4..374_979:*:*:*:*:*:*:*",
"matchCriteriaId": "446DE8B4-C6E2-4292-8CD5-D890515E9F6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en web.c de httpd en routers ASUS RT-N56U y RT-AC66U con firmware 3.0.0.4.374_979 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de par\u00e1metros (1) apps_name o (2) apps_flag hacia APP_Installation.asp."
}
],
"id": "CVE-2013-6343",
"lastModified": "2024-11-21T01:59:02.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-22T05:22:12.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/102267"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/31033"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/65046"
},
{
"source": "cve@mitre.org",
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/102267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/31033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.t-mobile.com/docs/DOC-21994"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201401-0239
Vulnerability from variot
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. ASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter 'apps_name' and The 'apps_flag' parameter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0239",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4..374_979"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4..374_979"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4..374_979"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374_979"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.374_979"
},
{
"model": "rt-ac66u 3.0.0.4.374 979",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n56u 3.0.0.4.374 979",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-ac66u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n56u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb",
"sources": [
{
"db": "BID",
"id": "65046"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6343",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-6343",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-66345",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6343",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-6343",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-00486",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-417",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-66345",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. \nASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter \u0027apps_name\u0027 and The \u0027apps_flag\u0027 parameter",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6343"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "BID",
"id": "65046"
},
{
"db": "VULHUB",
"id": "VHN-66345"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66345",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66345"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6343",
"trust": 3.4
},
{
"db": "BID",
"id": "65046",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "102267",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "31033",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00486",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124855",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-84386",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-61364",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66345",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "BID",
"id": "65046"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"id": "VAR-201401-0239",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
}
],
"trust": 1.41918854
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
}
]
},
"last_update_date": "2024-11-23T23:05:48.491000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.asus.com/"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.asus.com/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65046"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/31033"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102267"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6343"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6343"
},
{
"trust": 0.8,
"url": "http://infosec42.blogspot.jp/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"trust": 0.6,
"url": "https://bugs.webkit.org/show_bug.cgi?id=126946"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"db": "VULHUB",
"id": "VHN-66345"
},
{
"db": "BID",
"id": "65046"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"date": "2014-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-66345"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65046"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"date": "2014-01-22T05:22:12.737000",
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00486"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-66345"
},
{
"date": "2014-01-21T00:00:00",
"db": "BID",
"id": "65046"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005890"
},
{
"date": "2014-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-417"
},
{
"date": "2024-11-21T01:59:02.770000",
"db": "NVD",
"id": "CVE-2013-6343"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-N56U and RT-AC66U Router firmware buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005890"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-417"
}
],
"trust": 0.6
}
}
var-201509-0182
Vulnerability from variot
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values. Authentication is not required to exploit this vulnerability.The specific flaw exists within the HTTP header parsing routine. The issue lies in the failure to check the size of header values. An attacker could leverage this vulnerability to execute code within the context of root. The ASUS TM-AC1900 is a wireless router. ASUS TM-AC1900 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0182",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tm-1900",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": null
},
{
"model": "tm-ac1900",
"scope": null,
"trust": 1.3,
"vendor": "asus",
"version": null
},
{
"model": "tm-ac1900",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-409"
},
{
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"db": "BID",
"id": "76621"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-182"
},
{
"db": "NVD",
"id": "CVE-2015-6949"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:tm-1900",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elvis Collado - HP DVLabs",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-409"
}
],
"trust": 0.7
},
"cve": "CVE-2015-6949",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-6949",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "CVE-2015-6949",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "CNVD-2015-06026",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-84910",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6949",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6949",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-6949",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06026",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-182",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84910",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-409"
},
{
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"db": "VULHUB",
"id": "VHN-84910"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-182"
},
{
"db": "NVD",
"id": "CVE-2015-6949"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values. Authentication is not required to exploit this vulnerability.The specific flaw exists within the HTTP header parsing routine. The issue lies in the failure to check the size of header values. An attacker could leverage this vulnerability to execute code within the context of root. The ASUS TM-AC1900 is a wireless router. ASUS TM-AC1900 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6949"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"db": "ZDI",
"id": "ZDI-15-409"
},
{
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"db": "BID",
"id": "76621"
},
{
"db": "VULHUB",
"id": "VHN-84910"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-409",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2015-6949",
"trust": 3.8
},
{
"db": "SECTRACK",
"id": "1033560",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004714",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3035",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06026",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-182",
"trust": 0.6
},
{
"db": "BID",
"id": "76621",
"trust": 0.3
},
{
"db": "SEEBUG",
"id": "SSVID-89569",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-84910",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-409"
},
{
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"db": "VULHUB",
"id": "VHN-84910"
},
{
"db": "BID",
"id": "76621"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-182"
},
{
"db": "NVD",
"id": "CVE-2015-6949"
}
]
},
"id": "VAR-201509-0182",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"db": "VULHUB",
"id": "VHN-84910"
}
],
"trust": 1.34285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06026"
}
]
},
"last_update_date": "2024-11-23T22:52:42.797000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TM-AC1900",
"trust": 0.8,
"url": "http://www.asus.com/jp/supportonly/TM-AC1900/HelpDesk_Download/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84910"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"db": "NVD",
"id": "CVE-2015-6949"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-409/"
},
{
"trust": 1.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-409"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6949"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033560"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6949"
},
{
"trust": 0.3,
"url": "http://www.asus.com/networking/rtn56u/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"db": "VULHUB",
"id": "VHN-84910"
},
{
"db": "BID",
"id": "76621"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-182"
},
{
"db": "NVD",
"id": "CVE-2015-6949"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-409"
},
{
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"db": "VULHUB",
"id": "VHN-84910"
},
{
"db": "BID",
"id": "76621"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-182"
},
{
"db": "NVD",
"id": "CVE-2015-6949"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-409"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"date": "2015-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-84910"
},
{
"date": "2015-09-02T00:00:00",
"db": "BID",
"id": "76621"
},
{
"date": "2015-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"date": "2015-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-182"
},
{
"date": "2015-09-15T18:59:09.133000",
"db": "NVD",
"id": "CVE-2015-6949"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-409"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06026"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84910"
},
{
"date": "2015-09-02T00:00:00",
"db": "BID",
"id": "76621"
},
{
"date": "2015-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004714"
},
{
"date": "2015-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-182"
},
{
"date": "2024-11-21T02:35:56.307000",
"db": "NVD",
"id": "CVE-2015-6949"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS TM-AC1900 Router stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004714"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-182"
}
],
"trust": 0.6
}
}
cve-2013-6343
Vulnerability from cvelistv5
Published
2014-01-22 02:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
References
| ▼ | URL | Tags |
|---|---|---|
| http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html | x_refsource_MISC | |
| http://osvdb.org/102267 | vdb-entry, x_refsource_OSVDB | |
| https://support.t-mobile.com/docs/DOC-21994 | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/31033 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/65046 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"name": "102267",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102267"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"name": "31033",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/31033"
},
{
"name": "65046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"name": "102267",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102267"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"name": "31033",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/31033"
},
{
"name": "65046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html"
},
{
"name": "102267",
"refsource": "OSVDB",
"url": "http://osvdb.org/102267"
},
{
"name": "https://support.t-mobile.com/docs/DOC-21994",
"refsource": "CONFIRM",
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"name": "31033",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31033"
},
{
"name": "65046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6343",
"datePublished": "2014-01-22T02:00:00",
"dateReserved": "2013-11-01T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}