common.c in infosvr in ASUS WRT firmware,, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
Published 2015-01-08 20:59:02
Updated 2018-04-27 01:29:01
Source MITRE
View at NVD,

Exploit prediction scoring system (EPSS) score for CVE-2014-9583

Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2014-9583

  • ASUS infosvr Auth Bypass Command Execution
    Disclosure Date: 2015-01-04
    First seen: 2020-04-26
    This module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This module launches the BusyBox Telnet daemon on the port specified in the TelnetPort

CVSS scores for CVE-2014-9583

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen

CWE ids for CVE-2014-9583

  • Assigned by: (Primary)

References for CVE-2014-9583

Products affected by CVE-2014-9583

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to terms of use!