Lucene search

[email protected]CVE-2013-5948

HistoryApr 22, 2014 - 1:06 p.m.

CVE-2013-5948

2014-04-2213:06:25

CWE-78

[email protected]

web.nvd.nist.gov

asus rt-ac68u

rt series routers

firmware vulnerability

remote authentication

arbitrary commands

nvd

cve-2013-5948

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).

Affected configurations

NVD

Node

t-mobiletm-ac1900Match3.0.0.4.376_3169

Node

asusrt-ac68u_firmwareMatch3.0.0.4.374.4755

asusrt-ac68u_firmwareMatch3.0.0.4.374_4561

asusrt-ac68u_firmwareMatch3.0.0.4.374_4887

AND

asusrt-ac68uMatch-

CPENameOperatorVersion
t-mobile:tm-ac1900t-mobile tm-ac1900eq3.0.0.4.376_3169

CPE	Name	Operator	Version
t-mobile:tm-ac1900	t-mobile tm-ac1900	eq	3.0.0.4.376_3169

References

seclists.org/fulldisclosure/2014/Apr/59

seclists.org/fulldisclosure/2014/Apr/66

support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29

support.t-mobile.com/docs/DOC-21994

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for CVE-2013-5948

prion1 cvelist1 nvd1 threatpost1