Vulnerability Description
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asus | Rt-Ac66U Firmware | 3.0.0.4.140 |
| Asus | Rt-Ac68U Firmware | 3.0.0.4.374.4755 |
| Asus | Rt-N10E Firmware | 2.0.0.7 |
| Asus | Rt-N14U Firmware | 3.0.0.4.322 |
| Asus | Rt-N16 Firmware | 1.0.1.9 |
| Asus | Rt-N56U Firmware | 1.0.1.4 |
| Asus | Rt-N65U Firmware | 3.0.0.3.134 |
| Asus | Rt-N66U Firmware | 3.0.0.4.272 |
| Asus | Rt-Ac68U | - |
| T-Mobile | Tm-Ac1900 | 3.0.0.4.376_3169 |
Related Weaknesses (CWE)
References
- http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.h
- http://seclists.org/fulldisclosure/2014/Apr/225
- http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
- https://support.t-mobile.com/docs/DOC-21994
- http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.h
- http://seclists.org/fulldisclosure/2014/Apr/225
- http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
- https://support.t-mobile.com/docs/DOC-21994
FAQ
What is CVE-2014-2719?
CVE-2014-2719 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator ...
How severe is CVE-2014-2719?
CVE-2014-2719 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2719?
Check the references section above for vendor advisories and patch information. Affected products include: Asus Rt-Ac66U Firmware, Asus Rt-Ac68U Firmware, Asus Rt-N10E Firmware, Asus Rt-N14U Firmware, Asus Rt-N16 Firmware.