CVE-2014-2718 - Vulnerability Details - OpenCVE

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Asus	Rt-ac56r Rt-ac66r Rt-ac66u Rt-ac68u Rt-n56r Rt-n56u Rt-n66r Rt-n66u Rt Series Firmware
T-mobile	Tm-ac1900

Configuration 1 [-]

cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:asus:rt_series_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:asus:rt-ac56r::::::::
	cpe:2.3:h:asus:rt-ac66r::::::::
	cpe:2.3:h:asus:rt-ac66u::::::::
	cpe:2.3:h:asus:rt-ac68u::::::::
	cpe:2.3:h:asus:rt-n56r::::::::
	cpe:2.3:h:asus:rt-n56u::::::::
	cpe:2.3:h:asus:rt-n66r::::::::
	cpe:2.3:h:asus:rt-n66u::::::::

No data.

References

Link	Providers
http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html
http://packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html
http://seclists.org/fulldisclosure/2014/Oct/122
http://www.securityfocus.com/bid/70791
https://exchange.xforce.ibmcloud.com/vulnerabilities/98316
https://support.t-mobile.com/docs/DOC-21994

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-04T22:00:00

Updated: 2024-08-06T10:21:36.023Z

Reserved: 2014-04-01T00:00:00

Link: CVE-2014-2718

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-04T22:55:06.417

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-2718

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-28T00:00:00", "descriptions": [{"lang": "en", "value": "ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20141028 CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Oct/122"}, {"name": "asus-cve20142718-mitm(98316)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.t-mobile.com/docs/DOC-21994"}, {"tags": ["x_refsource_MISC"], "url": "http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html"}, {"name": "70791", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70791"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2718", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20141028 CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Oct/122"}, {"name": "asus-cve20142718-mitm(98316)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"}, {"name": "http://packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html"}, {"name": "https://support.t-mobile.com/docs/DOC-21994", "refsource": "CONFIRM", "url": "https://support.t-mobile.com/docs/DOC-21994"}, {"name": "http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html", "refsource": "MISC", "url": "http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html"}, {"name": "70791", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70791"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:21:36.023Z"}, "title": "CVE Program Container", "references": [{"name": "20141028 CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Oct/122"}, {"name": "asus-cve20142718-mitm(98316)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.t-mobile.com/docs/DOC-21994"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html"}, {"name": "70791", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70791"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2718", "datePublished": "2014-11-04T22:00:00", "dateReserved": "2014-04-01T00:00:00", "dateUpdated": "2024-08-06T10:21:36.023Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:t-mobile:tm-ac1900:3.0.0.4.376_3169:*:*:*:*:*:*:*", "matchCriteriaId": "919D9673-1FCA-431D-9F30-643AAEFAC1DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B65300BF-25AB-4130-A6D3-27E673B47630", "versionEndIncluding": "3.0.0.4.374.x", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ac56r:*:*:*:*:*:*:*:*", "matchCriteriaId": "F78791C6-23A8-41B6-A886-59A593165B8A", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac66r:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0863AD7-F290-4201-BDD9-497C82517C75", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac66u:*:*:*:*:*:*:*:*", "matchCriteriaId": "106D80BC-400A-4996-8A4E-68D3F24B200F", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDA91183-BE7D-4055-8707-1B11368D4435", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n56r:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E2864C-6D9B-4D00-AB6A-82248DD82210", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n56u:*:*:*:*:*:*:*:*", "matchCriteriaId": "45140849-3F44-4866-850D-195B393F2849", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n66r:*:*:*:*:*:*:*:*", "matchCriteriaId": "42BBB86A-961B-4529-8B74-CF6889156AB8", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n66u:*:*:*:*:*:*:*:*", "matchCriteriaId": "98F88197-8E64-468C-8F36-281ED8E3716A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image."}, {"lang": "es", "value": "Los routers ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, y posiblemente otros de la serie RT anterior a firmware 3.0.0.4.376.x no verifica la integridad de (1) informaci\u00f3n de actualizaciones o (2) actualizaciones de descargas del firmware, lo que permite a atacantes man-in-the-middle (MITM) ejecutar c\u00f3digo arbitrario a trav\u00e9s de un imagen manipulado."}], "id": "CVE-2014-2718", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-11-04T22:55:06.417", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Oct/122"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/70791"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"}, {"source": "cve@mitre.org", "url": "https://support.t-mobile.com/docs/DOC-21994"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://dnlongen.blogspot.com/2014/10/CVE-2014-2718-Asus-RT-MITM.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/128904/ASUS-Router-Man-In-The-Middle.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Oct/122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70791"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.t-mobile.com/docs/DOC-21994"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}