Vulnerability Details : CVE-2014-2718
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2014-2718
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 %
CVSS scores for CVE-2014-2718
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:C/A:N | 8.6 | 6.9 | NIST |
CWE ids for CVE-2014-2718
- The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2718
- http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html
  Redirect [Exploit]
- http://packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html
  ASUS Router Man-In-The-Middle ≈ Packet Storm [Exploit]
- https://support.t-mobile.com/docs/DOC-21994
  Wi-Fi CellSpot Router setup & help | T-Mobile Support
- http://seclists.org/fulldisclosure/2014/Oct/122
  Full Disclosure: CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack [Exploit]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98316
  ASUS RT series routers man-in-the-middle CVE-2014-2718 Vulnerability Report
- http://www.securityfocus.com/bid/70791
  ASUS RT Series Wireless Routers CVE-2014-2718 Man in the Middle Security Bypass Vulnerability
Products affected by CVE-2014-2718
- cpe:2.3:o:asus:rt_series_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*