PT-2015-3920 · Asus · Asus Rt-Ac56S+4

Published

2015-02-01

Updated

2015-02-04

CVE-2014-7269

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ASUS RT-AC87U routers versions 3.0.0.4.378.3754 and earlier ASUS RT-AC68U routers versions 3.0.0.4.376.3715 and earlier ASUS RT-AC56S routers versions 3.0.0.4.376.3715 and earlier ASUS RT-N66U routers versions 3.0.0.4.376.3715 and earlier ASUS RT-N56U routers versions 3.0.0.4.376.3715 and earlier

Description The issue allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

Recommendations For ASUS RT-AC87U routers versions 3.0.0.4.378.3754 and earlier, update the firmware to a version later than 3.0.0.4.378.3754. For ASUS RT-AC68U routers versions 3.0.0.4.376.3715 and earlier, update the firmware to a version later than 3.0.0.4.376.3715. For ASUS RT-AC56S routers versions 3.0.0.4.376.3715 and earlier, update the firmware to a version later than 3.0.0.4.376.3715. For ASUS RT-N66U routers versions 3.0.0.4.376.3715 and earlier, update the firmware to a version later than 3.0.0.4.376.3715. For ASUS RT-N56U routers versions 3.0.0.4.376.3715 and earlier, update the firmware to a version later than 3.0.0.4.376.3715.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2014-7269

Affected Products

Asus Rt-Ac56S

Asus Rt-Ac68U

Asus Rt-Ac87U

Asus Rt-N56U

Asus Rt-N66U

PT-2015-3920 · Asus · Asus Rt-Ac56S+4

CVE-2014-7269

Weakness Enumeration

Related Identifiers

Affected Products

References · 4