var-201411-0483
Vulnerability from variot
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a file from http://dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site. No HTTP = no assurance that the site on the other end is the legitimate ASUS web site, and no assurance that the firmware file and version lookup table have not been modified in transit.
In the link below I describe the issue in detail, and demonstrate a proof of concept through which I successfully caused an RT-AC66R to "upgrade" to an older firmware with known vulnerabilities. In concept it should also be possible to deliver a fully custom malicious firmware in the same manner.
This applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base but a different sub-version.
This has been fixed as an undocumented feature of the 376 firmware branch (3.0.0.4.376.x).
Details and POC: http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html
-- Regards, David Longenecker @dnlongen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.6,
"vendor": "t mobile",
"version": "3.0.0.4.376_3169"
},
{
"model": "rt series",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.374.x"
},
{
"model": "rt",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.376.x"
},
{
"model": "rt-series wireless routers",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n56r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n53",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n16",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-n14u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac66r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
},
{
"model": "rt-ac56r",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Longenecker",
"sources": [
{
"db": "BID",
"id": "70791"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
],
"trust": 1.0
},
"cve": "CVE-2014-2718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2718",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07699",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-70657",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2718",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2718",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-07699",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1415",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70657",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. Supplementary information : CWE Vulnerability type by CWE-345: Insufficient Verification of Data Authenticity ( Inadequate verification of data reliability ) Has been identified. ASUS RT-Series Wireless Routers is a wireless router device. There is a middleman security bypass vulnerability in ASUS RT Series Wireless Routers. An attacker can exploit a vulnerability to bypass certain restrictions and obtain sensitive information. The following products are affected: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. In short, the router downloads via clear-text a\nfile from http://dlcdnet.asus.com, parses it to determine the latest\nfirmware version, then downloads (again in the clear) a binary file\nmatching that version number from the same web site. No HTTP = no assurance\nthat the site on the other end is the legitimate ASUS web site, and no\nassurance that the firmware file and version lookup table have not been\nmodified in transit. \n\nIn the link below I describe the issue in detail, and demonstrate a proof\nof concept through which I successfully caused an RT-AC66R to \"upgrade\" to\nan older firmware with known vulnerabilities. In concept it should also be\npossible to deliver a fully custom malicious firmware in the same manner. \n\nThis applies to the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R,\nRT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U. It may also apply to the\nRT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base\nbut a different sub-version. \n\nThis has been fixed as an undocumented feature of the 376 firmware branch\n(3.0.0.4.376.x). \n\nDetails and POC:\nhttp://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html\n\n-- \nRegards,\nDavid Longenecker\n@dnlongen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2718"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "PACKETSTORM",
"id": "128904"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-70657",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70657"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2718",
"trust": 3.5
},
{
"db": "BID",
"id": "70791",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128904",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-07699",
"trust": 0.6
},
{
"db": "XF",
"id": "98316",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70657",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"id": "VAR-201411-0483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
}
],
"trust": 1.3441403886666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
}
]
},
"last_update_date": "2024-11-23T22:52:49.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.asus.com/jp/"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/DOC-21994"
},
{
"title": "ASUS RT Series Wireless Routers patch for middleman security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/51508"
},
{
"title": "FW_RT_AC68U_30043763715",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54536"
},
{
"title": "FW_RT_AC68U_30043763626",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54537"
},
{
"title": "FW_RT_AC68U_30043761663",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54538"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2014/oct/122"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/70791"
},
{
"trust": 2.1,
"url": "http://dnlongen.blogspot.com/2014/10/cve-2014-2718-asus-rt-mitm.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128904/asus-router-man-in-the-middle.html"
},
{
"trust": 1.1,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2718"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2718"
},
{
"trust": 0.8,
"url": "http://dnlongen.blogspot.jp/2014/10/cve-2014-2718-asus-rt-mitm.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/98316"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
},
{
"trust": 0.1,
"url": "http://dlcdnet.asus.com,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2718"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"db": "VULHUB",
"id": "VHN-70657"
},
{
"db": "BID",
"id": "70791"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"db": "PACKETSTORM",
"id": "128904"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"date": "2014-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-70657"
},
{
"date": "2014-10-28T00:00:00",
"db": "BID",
"id": "70791"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"date": "2014-10-29T12:11:11",
"db": "PACKETSTORM",
"id": "128904"
},
{
"date": "2014-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"date": "2014-11-04T22:55:06.417000",
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07699"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-70657"
},
{
"date": "2014-10-28T00:00:00",
"db": "BID",
"id": "70791"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005239"
},
{
"date": "2014-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1415"
},
{
"date": "2024-11-21T02:06:49.693000",
"db": "NVD",
"id": "CVE-2014-2718"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1415"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT Series router firmware arbitrary code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "70791"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.