CVE-2014-7270

Published Feb 1, 2015

Last updated 10 years ago

CVSS info 6.8

Overview

Description: Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:asus:rt-n66u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F00D344B-E6F4-43E6-AC9F-CC1D0ACEB03D",
            "versionEndIncluding": "3.0.0.4.376.3715"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:asus:rt-n56u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC9CE8AF-0F34-49E9-B57C-A0EE82A55CB8",
            "versionEndIncluding": "3.0.0.4.376.3715"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:asus:rt-ac87u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ECCC5BB-8B10-4712-B33A-FE6CDDD826F2",
            "versionEndIncluding": "3.0.0.4.378.3754"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:asus:rt-ac68u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EFEF79F-9383-4091-B013-B3FD9F7A4E73",
            "versionEndIncluding": "3.0.0.4.376.3715"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:asus:rt-ac56s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "866A3E80-E93C-4C00-B8CD-B040617D4B4E",
            "versionEndIncluding": "3.0.0.4.376.3715"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References