Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.3
CVE Id: CVE-2014-2719
Last Modified: 17 Sep 2015 09:59:20
Published: 22 Apr 2014 09:06:29
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2014-2719

Summary

Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.

Vulnerable Systems

Operating System

  • Asus Rt-ac66u Firmware 3.0.0.4.140

  • Asus Rt-ac66u Firmware 3.0.0.4.220

  • Asus Rt-ac66u Firmware 3.0.0.4.246

  • Asus Rt-ac66u Firmware 3.0.0.4.260

  • Asus Rt-ac66u Firmware 3.0.0.4.270

  • Asus Rt-ac66u Firmware 3.0.0.4.354

  • Asus Rt-ac68u Firmware 3.0.0.4.374 4561

  • Asus Rt-ac68u Firmware 3.0.0.4.374 4887

  • Asus Rt-ac68u Firmware 3.0.0.4.374.4755

  • Asus Rt-n10e Firmware 2.0.0.10

  • Asus Rt-n10e Firmware 2.0.0.16

  • Asus Rt-n10e Firmware 2.0.0.19

  • Asus Rt-n10e Firmware 2.0.0.20

  • Asus Rt-n10e Firmware 2.0.0.24

  • Asus Rt-n10e Firmware 2.0.0.25

  • Asus Rt-n10e Firmware 2.0.0.7

  • Asus Rt-n14u Firmware 3.0.0.4.322

  • Asus Rt-n14u Firmware 3.0.0.4.356

  • Asus Rt-n16 Firmware 1.0.1.9

  • Asus Rt-n16 Firmware 1.0.2.3

  • Asus Rt-n16 Firmware 3.0.0.3.108

  • Asus Rt-n16 Firmware 3.0.0.3.162

  • Asus Rt-n16 Firmware 3.0.0.3.178

  • Asus Rt-n16 Firmware 3.0.0.4.220

  • Asus Rt-n16 Firmware 3.0.0.4.246

  • Asus Rt-n16 Firmware 3.0.0.4.260

  • Asus Rt-n16 Firmware 3.0.0.4.354

  • Asus Rt-n16 Firmware 7.0.2.38b

  • Asus Rt-n56u Firmware 1.0.1.4

  • Asus Rt-n56u Firmware 1.0.1.4o

  • Asus Rt-n56u Firmware 1.0.1.7c

  • Asus Rt-n56u Firmware 1.0.1.7f

  • Asus Rt-n56u Firmware 1.0.1.8j

  • Asus Rt-n56u Firmware 1.0.1.8l

  • Asus Rt-n56u Firmware 1.0.1.8n

  • Asus Rt-n56u Firmware 3.0.0.4.318

  • Asus Rt-n56u Firmware 3.0.0.4.334

  • Asus Rt-n56u Firmware 3.0.0.4.342

  • Asus Rt-n56u Firmware 3.0.0.4.360

  • Asus Rt-n56u Firmware 7.0.1.21

  • Asus Rt-n56u Firmware 7.0.1.32

  • Asus Rt-n56u Firmware 8.1.1.4

  • Asus Rt-n65u Firmware 3.0.0.3.134

  • Asus Rt-n65u Firmware 3.0.0.3.176

  • Asus Rt-n65u Firmware 3.0.0.4.260

  • Asus Rt-n65u Firmware 3.0.0.4.334

  • Asus Rt-n65u Firmware 3.0.0.4.342

  • Asus Rt-n65u Firmware 3.0.0.4.346

  • Asus Rt-n66u Firmware 3.0.0.4.272

  • Asus Rt-n66u Firmware 3.0.0.4.370


References

CONFIRM - http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29

FULLDISC - 20140416 ASUS RT-XXXX SOHO routers expose admin password, fixed in 3.0.0.4.374.5517

MISC - http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html

CONFIRM - https://support.t-mobile.com/docs/DOC-21994


Last Updated: 27 May 2016 11:05:02