var-201501-0697
Vulnerability from variot
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. The vulnerability was initially CVE-2014-10000 It was numbered. But that ID Is 2014 Of year CVE ID It became invalid due to the configuration change.By a third party UDP port 9999 of NET_CMD_ID_MANU_CMD Authentication may be bypassed and arbitrary commands may be executed via packets. Asuswrt 'infosvr' has a remote command execution vulnerability because the application did not adequately filter the input data. ASUSWRT is ASUS router firmware.
In the ASUS WRT 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52 version, the common.c of infosvr failed to correctly check the requested MAC address. This could allow a remote attacker to send NET_CMD_ID_MANU_CMD packets to UDP port 9999. This vulnerability bypasses authentication and executes arbitrary commands. Asuswrt 3.0.0.4.376_1071 is vulnerable; other versions may also be affected.
Vulnerability Summary
2014 Year 10 moon 3 Day, foreign security researcher Joshua J. Drake in him github ( https://github.com/jduck ) submitted a remote command execution vulnerability against ASUS routers poc ( https://github.com/jduck/asus-cmd ).
a) Vulnerability description
asus router R series routers using the open source router system Asuswrt , the open source code brings us a lot of convenience for subsequent vulnerability analysis without reverse analysis. exist Asuswrt exists in infosvr process, which listens on 0.0.0.0 IP on, monitor any IP of 9999 UDP port.
b) Vulnerability impact
according to Joshua J. Drake exist github According to the above analysis, the affected versions are as follows:
<img src="http://blog.knownsec.com/wp-content/uploads/2015/01/1.jpg" alt="1" width="492"..
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0697",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.376.2524-g0012f52"
},
{
"model": "wrt",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.376_1071"
},
{
"model": "tm-ac1900",
"scope": "eq",
"trust": 1.0,
"vendor": "t mobile",
"version": "3.0.0.4.376_3169"
},
{
"model": "rt-ac66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n66u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "wrt",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.376.2524-g0013f52"
},
{
"model": "wrt",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.376_1071"
},
{
"model": "asuswrt 3.0.0.4.376 1071",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
},
{
"model": "wrt 3.0.0.4.376.2524-g0012f52",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
},
{
"model": "wrt 3.0.0.4.376 1071",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"db": "NVD",
"id": "CVE-2014-9583"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:wrt_firmware:3.0.0.4.376.2524-g0012f52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:asus:wrt_firmware:3.0.0.4.376_1071:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n66u:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9583"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Friedrich Postelstorfer",
"sources": [
{
"db": "BID",
"id": "71889"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9583",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-9583",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00156",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00409",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-77528",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9583",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00409",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-143",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-77528",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-9583",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"db": "VULHUB",
"id": "VHN-77528"
},
{
"db": "VULMON",
"id": "CVE-2014-9583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"db": "NVD",
"id": "CVE-2014-9583"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. The vulnerability was initially CVE-2014-10000 It was numbered. But that ID Is 2014 Of year CVE ID It became invalid due to the configuration change.By a third party UDP port 9999 of NET_CMD_ID_MANU_CMD Authentication may be bypassed and arbitrary commands may be executed via packets. Asuswrt \u0027infosvr\u0027 has a remote command execution vulnerability because the application did not adequately filter the input data. ASUSWRT is ASUS router firmware. \r\n\r\n\r\nIn the ASUS WRT 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52 version, the common.c of infosvr failed to correctly check the requested MAC address. This could allow a remote attacker to send NET_CMD_ID_MANU_CMD packets to UDP port 9999. This vulnerability bypasses authentication and executes arbitrary commands. \nAsuswrt 3.0.0.4.376_1071 is vulnerable; other versions may also be affected. \u003cp\u003e\u003cstrong\u003e Vulnerability Summary \u003c/strong\u003e\u003c/p\u003e\u003cp\u003e2014 Year 10 moon 3 Day, foreign security researcher Joshua J. Drake in him github ( \u003ca href=\"https://github.com/jduck\"\u003ehttps://github.com/jduck\u003c/a\u003e ) submitted a remote command execution vulnerability against ASUS routers poc ( \u003ca href=\"https://github.com/jduck/asus-cmd\"\u003ehttps://github.com/jduck/asus-cmd\u003c/a\u003e ). \u003c/p\u003e\u003ch4\u003ea)\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; Vulnerability description \u003c/h4\u003e\u003cp\u003e asus router R series routers using the open source router system \u0026nbsp;\u003ca href=\"https://github.com/RMerl/asuswrt-merlin\" target=\"_blank\"\u003eAsuswrt\u003c/a\u003e , the open source code brings us a lot of convenience for subsequent vulnerability analysis without reverse analysis. exist Asuswrt exists in \u0026nbsp;\u003ca href=\"https://github.com/RMerl/asuswrt-merlin/tree/master/release/src/router/infosvr\" target=\"_blank\"\u003einfosvr\u003c/a\u003e\u0026nbsp; process, which listens on 0.0.0.0 IP on, monitor any IP of 9999 UDP port. \u003c/p\u003e\u003ch4\u003eb)\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; Vulnerability impact \u003c/h4\u003e\u003cp\u003e according to Joshua J. Drake exist github According to the above analysis, the affected versions are as follows: \u003c/p\u003e\u003cp\u003e\u003cimg src=\"http://blog.knownsec.com/wp-content/uploads/2015/01/1.jpg\" alt=\"1\" width=\"492\"..",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"db": "BID",
"id": "71889"
},
{
"db": "VULHUB",
"id": "VHN-77528"
},
{
"db": "VULMON",
"id": "CVE-2014-9583"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44524",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-77528",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77528"
},
{
"db": "VULMON",
"id": "CVE-2014-9583"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9583",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "129815",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "35688",
"trust": 2.4
},
{
"db": "BID",
"id": "71889",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "44524",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-00156",
"trust": 0.6
},
{
"db": "EXPLOITDB",
"id": "35688",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-00409",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-143",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "147284",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-89236",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-77528",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-9583",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"db": "VULHUB",
"id": "VHN-77528"
},
{
"db": "VULMON",
"id": "CVE-2014-9583"
},
{
"db": "BID",
"id": "71889"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"db": "NVD",
"id": "CVE-2014-9583"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
]
},
"id": "VAR-201501-0697",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"db": "VULHUB",
"id": "VHN-77528"
}
],
"trust": 2.0239119150000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"db": "CNVD",
"id": "CNVD-2015-00409"
}
]
},
"last_update_date": "2023-12-18T13:34:33.899000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUS Router infosvr UDP Broadcast root Command Execution",
"trust": 0.8,
"url": "https://github.com/jduck/asus-cmd"
},
{
"title": "Cellspot router firmware update information",
"trust": 0.8,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"title": "GPL_RT_N66U_30043762524",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53192"
},
{
"title": "asus-cmd",
"trust": 0.1,
"url": "https://github.com/jduck/asus-cmd "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/asus-patches-root-command-execution-flaws-haunting-over-a-dozen-router-models/129666/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-9583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77528"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"db": "NVD",
"id": "CVE-2014-9583"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/129815/asuswrt-3.0.0.4.376_1071-lan-backdoor-command-execution.html"
},
{
"trust": 1.9,
"url": "https://github.com/jduck/asus-cmd"
},
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/35688"
},
{
"trust": 1.3,
"url": "https://www.exploit-db.com/exploits/44524/"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71889"
},
{
"trust": 1.2,
"url": "https://support.t-mobile.com/docs/doc-21994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9583"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9583"
},
{
"trust": 0.6,
"url": "http://dlcdnet.asus.com/pub/asus/wireless/rt-n66u_b1/fw_rt_n66u_30043762524.zip"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/35688/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"db": "VULHUB",
"id": "VHN-77528"
},
{
"db": "VULMON",
"id": "CVE-2014-9583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"db": "NVD",
"id": "CVE-2014-9583"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"db": "VULHUB",
"id": "VHN-77528"
},
{
"db": "VULMON",
"id": "CVE-2014-9583"
},
{
"db": "BID",
"id": "71889"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"db": "NVD",
"id": "CVE-2014-9583"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"date": "2015-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-77528"
},
{
"date": "2015-01-08T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9583"
},
{
"date": "2015-01-05T00:00:00",
"db": "BID",
"id": "71889"
},
{
"date": "2015-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"date": "2015-01-08T20:59:02.243000",
"db": "NVD",
"id": "CVE-2014-9583"
},
{
"date": "2015-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00156"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00409"
},
{
"date": "2018-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-77528"
},
{
"date": "2018-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9583"
},
{
"date": "2015-01-15T00:03:00",
"db": "BID",
"id": "71889"
},
{
"date": "2016-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007550"
},
{
"date": "2018-04-27T01:29:00.617000",
"db": "NVD",
"id": "CVE-2014-9583"
},
{
"date": "2015-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ASUS Used in router WRT Vulnerabilities that can bypass authentication in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007550"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-143"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.