Lucene search

[email protected]CVE-2014-2718

HistoryNov 04, 2014 - 10:55 p.m.

CVE-2014-2718

2014-11-0422:55:06

CWE-345

[email protected]

web.nvd.nist.gov

asus

router

firmware

vulnerability

mitm

security

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

7.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.2%

JSON

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.

Affected configurations

NVD

Node

t-mobiletm-ac1900Match3.0.0.4.376_3169

Node

asusrt_series_firmwareRange≤3.0.0.4.374.x

AND

asusrt-ac56r

asusrt-ac66r

asusrt-ac66u

asusrt-ac68u

asusrt-n56r

asusrt-n56u

asusrt-n66r

asusrt-n66u

CPENameOperatorVersion
t-mobile:tm-ac1900t-mobile tm-ac1900eq3.0.0.4.376_3169

CPE	Name	Operator	Version
t-mobile:tm-ac1900	t-mobile tm-ac1900	eq	3.0.0.4.376_3169

References

dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html

packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html

seclists.org/fulldisclosure/2014/Oct/122

www.securityfocus.com/bid/70791

exchange.xforce.ibmcloud.com/vulnerabilities/98316

support.t-mobile.com/docs/DOC-21994

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

7.6 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.2%

JSON

Related for CVE-2014-2718

cvelist1 prion1 nvd1