Vulnerability in Asus Rt-ac56r

CVE-2014-2718

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded…

EPSS: 0.002 (47.8th percentile) — read the EPSS interpretation.

Affected products

Asus Rt-ac56r
Asus Rt-ac66r
Asus Rt-ac66u
Asus Rt-ac68u
Asus Rt-n56r
Asus Rt-n56u
Asus Rt-n66r
Asus Rt-n66u
Asus Rt_series_firmware
T-mobile Tm-ac1900 — versions 3.0.0.4.376_3169

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

20141028 CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack (mailing-list, Exploit, x_refsource_FULLDISC)
asus-cve20142718-mitm(98316) (vdb-entry, x_refsource_XF)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (Exploit, x_refsource_MISC)
70791 (vdb-entry, x_refsource_BID)