cvelistv5 - cve-2014-7269

CVE-2014-7269 (GCVE-0-2014-7269)

Vulnerability from cvelistv5

Published

2015-02-01 15:00

Modified

2024-08-06 12:47

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

cnvd-2015-00880

Vulnerability from cnvd

Title

ASUS RT Series Routers存在未明命令注入漏洞

Description

ASUS RT Series Routers是一款无线路由器设备。 ASUS RT Series Routers存在未明命令注入漏洞，因为其未能正确地过滤用户提供的输入。允许攻击者在受影响的设备的上下文中执行任意操作系统命令。

Severity

中

Patch Name

ASUS RT Series Routers存在未明命令注入漏洞的补丁

Patch Description

ASUS RT Series Routers是一款无线路由器设备。ASUS RT Series Routers存在未明命令注入漏洞，因为其未能正确地过滤用户提供的输入。允许攻击者在受影响的设备的上下文中执行任意操作系统命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： http://www.asus.com.cn/

Reference

http://www.securityfocus.com/bid/72390

Impacted products

Name
ASUS RT-Series Routers

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72390"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-7269"
    }
  },
  "description": "ASUS RT Series Routers\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u8bbe\u5907\u3002\r\n \r\nASUS RT Series Routers\u5b58\u5728\u672a\u660e\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u5176\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "Masashi Sakai",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.asus.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00880",
  "openTime": "2015-02-03",
  "patchDescription": "ASUS RT Series Routers\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u8bbe\u5907\u3002ASUS RT Series Routers\u5b58\u5728\u672a\u660e\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u5176\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5728\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ASUS RT Series Routers\u5b58\u5728\u672a\u660e\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ASUS RT-Series Routers"
  },
  "referenceLink": "http://www.securityfocus.com/bid/72390",
  "serverity": "\u4e2d",
  "submitTime": "2015-02-02",
  "title": "ASUS RT Series Routers\u5b58\u5728\u672a\u660e\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

gsd-2014-7269

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-7269

Aliases

CVE-2014-7269

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-7269",
    "description": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.",
    "id": "GSD-2014-7269"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-7269"
      ],
      "details": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.",
      "id": "GSD-2014-7269",
      "modified": "2023-12-13T01:22:47.707551Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2014-7269",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#77792759",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
          },
          {
            "name": "JVNDB-2015-000011",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
          },
          {
            "name": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
            "refsource": "CONFIRM",
            "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rt-n66u_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.0.4.376.3715",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rt-ac56s_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.0.4.376.3715",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rt-ac68u_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.0.4.376.3715",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rt-ac87u_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.0.4.378.3754",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:asus:rt-n56u_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.0.376.3715",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2014-7269"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
            },
            {
              "name": "JVNDB-2015-000011",
              "refsource": "JVNDB",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
            },
            {
              "name": "JVN#77792759",
              "refsource": "JVN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-02-04T03:33Z",
      "publishedDate": "2015-02-01T15:59Z"
    }
  }
}

fkie_cve-2014-7269

Vulnerability from fkie_nvd

Published

2015-02-01 15:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN77792759/index.html	Vendor Advisory
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011	Vendor Advisory
vultures@jpcert.or.jp	http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN77792759/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
asus	rt-n66u_firmware	*
asus	rt-n66u	-
asus	rt-ac56s_firmware	*
asus	rt-ac56s	-
asus	rt-ac68u_firmware	*
asus	rt-ac68u	-
asus	rt-ac87u_firmware	*
asus	rt-ac87u	-
asus	rt-n56u_firmware	*
asus	rt-n56u	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rt-n66u_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F00D344B-E6F4-43E6-AC9F-CC1D0ACEB03D",
              "versionEndIncluding": "3.0.0.4.376.3715",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rt-ac56s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "866A3E80-E93C-4C00-B8CD-B040617D4B4E",
              "versionEndIncluding": "3.0.0.4.376.3715",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rt-ac68u_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFEF79F-9383-4091-B013-B3FD9F7A4E73",
              "versionEndIncluding": "3.0.0.4.376.3715",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rt-ac87u_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ECCC5BB-8B10-4712-B33A-FE6CDDD826F2",
              "versionEndIncluding": "3.0.0.4.378.3754",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:rt-n56u_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AB4431-1D6E-4D5C-86E8-F78CECF82AFB",
              "versionEndIncluding": "3.0.0.376.3715",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Los routers ASUS JAPAN RT-AC87U con firmware 3.0.0.4.378.3754 y anteriores, los routers RT-AC68U con firmware 3.0.0.4.376.3715 y anteriores, los routers RT-AC56S con firmware 3.0.0.4.376.3715 y anteriores, lor routers RT-N66U con firmware 3.0.0.4.376.3715 y anteriores, y los routers RT-N56U con firmware 3.0.0.4.376.3715 y anteriores permiten a usuarios remotos autenticados ejecutar comandos OS arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-7269",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-01T15:59:01.917",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page. ASUS RT Series Routers has an unspecified command injection vulnerability because it failed to properly filter user-supplied input. Allows an attacker to execute arbitrary operating system commands in the context of the affected device. A security vulnerability exists in several ASUS routers

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0454",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rt-ac56s",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asus",
        "version": "3.0.0.4.376.3715"
      },
      {
        "model": "rt-ac68u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rt-ac56s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rt-ac68u",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asus",
        "version": "3.0.0.4.376.3715"
      },
      {
        "model": "rt-n66u",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asus",
        "version": "3.0.0.4.376.3715"
      },
      {
        "model": "rt-n56u",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asus",
        "version": "3.0.0.376.3715"
      },
      {
        "model": "rt-ac87u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rt-n56u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rt-n66u",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rt-ac87u",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "asus",
        "version": "3.0.0.4.378.3754"
      },
      {
        "model": "rt-n66u",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "asus",
        "version": "3.0.0.4.376.3715"
      },
      {
        "model": "rt-ac87u",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "asus",
        "version": "3.0.0.4.378.3754"
      },
      {
        "model": "rt-ac68u",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "asus",
        "version": "3.0.0.4.376.3715"
      },
      {
        "model": "rt-ac56s",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "asus",
        "version": "3.0.0.4.376.3715"
      },
      {
        "model": "rt-ac56s",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "asus",
        "version": "firmware  prior to 3.0.0.4.378.6065"
      },
      {
        "model": "rt-ac68u",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "asus",
        "version": "firmware  prior to 3.0.0.4.378.6152"
      },
      {
        "model": "rt-ac87u",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "asus",
        "version": "firmware  prior to 3.0.0.4.378.6065"
      },
      {
        "model": "rt-n56u",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "asus",
        "version": "firmware  prior to 3.0.0.4.378.6065"
      },
      {
        "model": "rt-n66u",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "asus",
        "version": "firmware  prior to 3.0.0.4.378.6065"
      },
      {
        "model": "rt-series routers",
        "scope": null,
        "trust": 0.6,
        "vendor": "asus",
        "version": null
      },
      {
        "model": "rt-n56u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "asus",
        "version": "3.0.0.376.3715"
      },
      {
        "model": "rt-n56u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "asus",
        "version": "3.0.0.4.376.3715"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "db": "BID",
        "id": "72390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7269"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac56s",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac68u",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:misc:asus_japan_rt-ac87u",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:misc:asus_japan_rt-n56u",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:misc:asus_japan_rt-n66u",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Masashi Sakai",
    "sources": [
      {
        "db": "BID",
        "id": "72390"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-7269",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2014-7269",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-000011",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-00880",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-75214",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-7269",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2015-000011",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-00880",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201502-002",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-75214",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7269"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page. ASUS RT Series Routers has an unspecified command injection vulnerability because it failed to properly filter user-supplied input. Allows an attacker to execute arbitrary operating system commands in the context of the affected device. A security vulnerability exists in several ASUS routers",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-7269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "db": "BID",
        "id": "72390"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75214"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-7269",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVN77792759",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "72390",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-002",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-75214",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75214"
      },
      {
        "db": "BID",
        "id": "72390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7269"
      }
    ]
  },
  "id": "VAR-201502-0454",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75214"
      }
    ],
    "trust": 1.3538392259999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:49:23.820000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Firmware for wireless LAN routers that addressed cross-site request forgery and OS command injection vulnerabilities are available",
        "trust": 0.8,
        "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
      },
      {
        "title": "ASUS RT Series Routers has patches for unspecified command injection vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/54909"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7269"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://jvn.jp/en/jp/jvn77792759/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.asus.com/jp/news/pnzpd7vkxtrkwxhr"
      },
      {
        "trust": 1.7,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000011"
      },
      {
        "trust": 0.8,
        "url": "//cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7269"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7269"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/72390"
      },
      {
        "trust": 0.3,
        "url": "http://www.asus.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75214"
      },
      {
        "db": "BID",
        "id": "72390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7269"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75214"
      },
      {
        "db": "BID",
        "id": "72390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7269"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-02-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "date": "2015-02-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75214"
      },
      {
        "date": "2015-01-28T00:00:00",
        "db": "BID",
        "id": "72390"
      },
      {
        "date": "2015-01-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "date": "2015-02-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      },
      {
        "date": "2015-02-01T15:59:01.917000",
        "db": "NVD",
        "id": "CVE-2014-7269"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-02-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-00880"
      },
      {
        "date": "2015-02-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75214"
      },
      {
        "date": "2015-01-28T00:00:00",
        "db": "BID",
        "id": "72390"
      },
      {
        "date": "2015-06-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      },
      {
        "date": "2015-02-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      },
      {
        "date": "2024-11-21T02:16:38.947000",
        "db": "NVD",
        "id": "CVE-2014-7269"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple ASUS wireless LAN routers vulnerable to OS command injection",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-000011"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-002"
      }
    ],
    "trust": 0.6
  }
}

ghsa-cqq8-x3rc-74x7

Vulnerability from github

Published

2022-05-17 04:16

Modified

2022-05-17 04:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-7269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-02-01T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.",
  "id": "GHSA-cqq8-x3rc-74x7",
  "modified": "2022-05-17T04:16:36Z",
  "published": "2022-05-17T04:16:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7269"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN77792759/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000011"
    },
    {
      "type": "WEB",
      "url": "http://www.asus.com/jp/News/PNzPd7vkXtrKWXHR"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2014-7269

Vulnerability from jvndb

Published

2015-01-27 14:23

Modified

2015-06-17 16:42

Severity ?

() - -

Summary

Multiple ASUS wireless LAN routers vulnerable to OS command injection

Details

Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN77792759/index.html
	CVE	//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	ASUS JAPAN Inc.	RT-AC56S
	ASUS JAPAN Inc.	RT-AC68U
	ASUS JAPAN Inc.	RT-AC87U
	ASUS JAPAN Inc.	RT-N56U
	ASUS JAPAN Inc.	RT-N66U

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
  "dc:date": "2015-06-17T16:42+09:00",
  "dcterms:issued": "2015-01-27T14:23+09:00",
  "dcterms:modified": "2015-06-17T16:42+09:00",
  "description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac56s",
      "@product": "RT-AC56S",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac68u",
      "@product": "RT-AC68U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-ac87u",
      "@product": "RT-AC87U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-n56u",
      "@product": "RT-N56U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:misc:asus_japan_rt-n66u",
      "@product": "RT-N66U",
      "@vendor": "ASUS JAPAN Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.2",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000011",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN77792759/index.html",
      "@id": "JVN#77792759",
      "@source": "JVN"
    },
    {
      "#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269",
      "@id": "CVE-2014-7269",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269",
      "@id": "CVE-2014-7269",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple ASUS wireless LAN routers vulnerable to OS command injection"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-7269 (GCVE-0-2014-7269)

Vulnerability from cvelistv5

cnvd-2015-00880

Vulnerability from cnvd

gsd-2014-7269

Vulnerability from gsd

fkie_cve-2014-7269

Vulnerability from fkie_nvd

var-201502-0454

Vulnerability from variot

ghsa-cqq8-x3rc-74x7

Vulnerability from github

cve-2014-7269

Vulnerability from jvndb

Tags

Sightings

Nomenclature