CVE-2014-2718

Published Nov 4, 2014

Last updated 7 years ago

CVSS info 7.1

Overview

Description: ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 6.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:C/A:N

Weaknesses

nvd@nist.gov: CWE-345

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "919D9673-1FCA-431D-9F30-643AAEFAC1DA"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:asus:rt_series_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B65300BF-25AB-4130-A6D3-27E673B47630",
            "versionEndIncluding": "3.0.0.4.374.x"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:asus:rt-ac56r:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F78791C6-23A8-41B6-A886-59A593165B8A"
          },
          {
            "criteria": "cpe:2.3:h:asus:rt-ac66r:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E0863AD7-F290-4201-BDD9-497C82517C75"
          },
          {
            "criteria": "cpe:2.3:h:asus:rt-ac66u:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "106D80BC-400A-4996-8A4E-68D3F24B200F"
          },
          {
            "criteria": "cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BDA91183-BE7D-4055-8707-1B11368D4435"
          },
          {
            "criteria": "cpe:2.3:h:asus:rt-n56r:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A5E2864C-6D9B-4D00-AB6A-82248DD82210"
          },
          {
            "criteria": "cpe:2.3:h:asus:rt-n56u:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "45140849-3F44-4866-850D-195B393F2849"
          },
          {
            "criteria": "cpe:2.3:h:asus:rt-n66r:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "42BBB86A-961B-4529-8B74-CF6889156AB8"
          },
          {
            "criteria": "cpe:2.3:h:asus:rt-n66u:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "98F88197-8E64-468C-8F36-281ED8E3716A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References