RCE in Asus Rt-ac56s

CVE-2014-7269

ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.371…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.005 (68.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

JVN#77792759 (x_refsource_JVN, third-party-advisory, Vendor Advisory)
JVNDB-2015-000011 (x_refsource_JVNDB, third-party-advisory, Vendor Advisory)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Patch, Vendor Advisory)