National Vulnerability Database

CVE-2014-9583 Detail

Description

common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.

Source: MITRE
Last Modified: 01/08/2015

Quick Info

CVE Dictionary Entry: CVE-2014-9583
Original release date: 01/08/2015
Last revised: 06/30/2016
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 10.0 HIGH
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink | Resource Type | Source | Name
http://packetstormsecurity.com/files/129815/ASUSWRT-3.0.0.4.376_1071-LAN-Backdoor-Command-Execution.html | Exploit; External Source | MISC | http://packetstormsecurity.com/files/129815/ASUSWRT-3.0.0.4.376_1071-LAN-Backdoor-Command-Execution.html
http://www.exploit-db.com/exploits/35688 | Exploit; External Source | EXPLOIT-DB | 35688
https://github.com/jduck/asus-cmd | Exploit; External Source | MISC | https://github.com/jduck/asus-cmd
https://support.t-mobile.com/docs/DOC-21994 | External Source | CONFIRM | https://support.t-mobile.com/docs/DOC-21994

Technical Details

Vulnerability Type

  • Permissions, Privileges, and Access Control (CWE-264)

Change History: 4 change records found