Details of VAR-201402-0564

ID

VAR-201402-0564

TITLE

Multiple vulnerabilities in multiple ASUS routers

Trust: 0.6

sources: CNVD: CNVD-2014-01238

DESCRIPTION

ASUS is one of the world's leading providers of 3C solutions, dedicated to providing the most innovative products and applications to individuals and businesses. ASUS multiple router products have security vulnerabilities: 1. A reflective cross-site scripting vulnerability exists on the router error page, allowing an attacker to build a malicious URI, enticing a user to resolve, gaining sensitive information or hijacking a user session. 2, http://192.168.1.1/error_page.htm The error page contains the current administrator password information, allowing the attacker to view the source code to obtain the password information. An attacker could leverage these issues to gain unauthorized access to the affected device, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device

Trust: 0.81

sources: CNVD: CNVD-2014-01238 // BID: 65733

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-01238

AFFECTED PRODUCTS

vendor:	asus	model:	rt-n10u 3.0.0.4.374 168	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n56u 3.0.0.4.374 979	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	dsl-n55u 3.0.0.4.374 1397	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-ac66u 3.0.0.4.374 2050	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	rt-n53 3.0.0.4.374 311	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-01238

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-01238
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-01238
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-01238

THREAT TYPE

network

Trust: 0.3

sources: BID: 65733

TYPE

Unknown

Trust: 0.3

sources: BID: 65733

PATCH

title:

Patches with multiple vulnerabilities in multiple ASUS routers

url:

https://www.cnvd.org.cn/patchinfo/show/43869

Trust: 0.6

sources: CNVD: CNVD-2014-01238

EXTERNAL IDS

db:	BID	id:	65733	Trust: 0.9
db:	CNVD	id:	CNVD-2014-01238	Trust: 0.6

sources: CNVD: CNVD-2014-01238 // BID: 65733

REFERENCES

url:	http://www.securityfocus.com/archive/1/531194	Trust: 0.6
url:	http://www.asus.com	Trust: 0.3

sources: CNVD: CNVD-2014-01238 // BID: 65733

CREDITS

Harry Sintonen of nSense Oy

Trust: 0.3

sources: BID: 65733

SOURCES

db:	CNVD	id:	CNVD-2014-01238
db:	BID	id:	65733

LAST UPDATE DATE

2022-05-17T02:07:13.502000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01238	date:	2014-02-26T00:00:00
db:	BID	id:	65733	date:	2014-03-04T01:23:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-01238	date:	2014-02-26T00:00:00
db:	BID	id:	65733	date:	2014-02-21T00:00:00