CVE-2014-7270

Summary

CVE	CVE-2014-7270
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-02-01 15:59:00 UTC
Updated	2015-02-11 16:42:00 UTC
Description	Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.

Risk And Classification

Problem Types: CWE-352

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Asus	Rt-ac56s	-	All	All	All
Hardware	Asus	Rt-ac56s	-	All	All	All
Operating System	Asus	Rt-ac56s Firmware	All	All	All	All
Hardware	Asus	Rt-ac68u	-	All	All	All
Hardware	Asus	Rt-ac68u	-	All	All	All
Operating System	Asus	Rt-ac68u Firmware	All	All	All	All
Hardware	Asus	Rt-ac87u	-	All	All	All
Hardware	Asus	Rt-ac87u	-	All	All	All
Operating System	Asus	Rt-ac87u Firmware	All	All	All	All
Hardware	Asus	Rt-n56u	-	All	All	All
Hardware	Asus	Rt-n56u	-	All	All	All
Operating System	Asus	Rt-n56u Firmware	All	All	All	All
Hardware	Asus	Rt-n66u	-	All	All	All
Hardware	Asus	Rt-n66u	-	All	All	All
Operating System	Asus	Rt-n66u Firmware	All	All	All	All

References

Reference	Source	Link	Tags
ニュースリリース - ASUS	CONFIRM	www.asus.com	Vendor Advisory
JVNDB-2015-000012	JVNDB	jvndb.jvn.jp	Vendor Advisory
JVN#32631078: Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery	JVN	jvn.jp	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.