jvndb-2015-000011
Vulnerability from jvndb
Published
2015-01-27 14:23
Modified
2015-06-17 16:42
Severity ?
() - -
Summary
Multiple ASUS wireless LAN routers vulnerable to OS command injection
Details
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN77792759/index.html
CVE //cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269
OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
ASUS JAPAN Inc.RT-AC56S
ASUS JAPAN Inc.RT-AC68U
ASUS JAPAN Inc.RT-AC87U
ASUS JAPAN Inc.RT-N56U
ASUS JAPAN Inc.RT-N66U
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
  "dc:date": "2015-06-17T16:42+09:00",
  "dcterms:issued": "2015-01-27T14:23+09:00",
  "dcterms:modified": "2015-06-17T16:42+09:00",
  "description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac56s",
      "@product": "RT-AC56S",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac68u",
      "@product": "RT-AC68U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac87u",
      "@product": "RT-AC87U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-n56u",
      "@product": "RT-N56U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-n66u",
      "@product": "RT-N66U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.2",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000011",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN77792759/index.html",
      "@id": "JVN#77792759",
      "@source": "JVN"
    },
    {
      "#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269",
      "@id": "CVE-2014-7269",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269",
      "@id": "CVE-2014-7269",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple ASUS wireless LAN routers vulnerable to OS command injection"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.