1. Home
  2. CVE Database
  3. CVE-2014-2718
HIGH · 7.1

CVE-2014-2718

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1...

Vulnerability Description

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.

CVSS Score

7.1

HIGH

AV:N/AC:M/Au:N/C:N/I:C/A:N
Confidentiality
NONE
Integrity
COMPLETE
Availability
NONE

Affected Products

VendorProductVersions
T-MobileTm-Ac19003.0.0.4.376_3169
AsusRt Series Firmware<= 3.0.0.4.374.x
AsusRt-Ac56RAll versions
AsusRt-Ac66RAll versions
AsusRt-Ac66UAll versions
AsusRt-Ac68UAll versions
AsusRt-N56RAll versions
AsusRt-N56UAll versions
AsusRt-N66RAll versions
AsusRt-N66UAll versions

Related Weaknesses (CWE)

CWE-345

References

FAQ

What is CVE-2014-2718?

CVE-2014-2718 is a vulnerability with a CVSS score of 7.1 (HIGH). ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1...

How severe is CVE-2014-2718?

CVE-2014-2718 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2718?

Check the references section above for vendor advisories and patch information. Affected products include: T-Mobile Tm-Ac1900, Asus Rt Series Firmware, Asus Rt-Ac56R, Asus Rt-Ac66R, Asus Rt-Ac66U.