Password Disclosure in ASUS RT Series Routers
CVE-2014-2719

Currently unrated

Key Information:

Vendor: Asus
Status: Rt-ac66u Firmware; Rt-ac68u Firmware; Rt-n10e Firmware; Rt-n14u Firmware
Vendor: CVE Published:; 22 April 2014

Summary

The ASUS RT series routers with firmware versions prior to 3.0.0.4.374.5517 contain a vulnerability that allows authenticated users to access the source code of the Advanced_System_Content.asp file. This can lead to the unauthorized exposure of the administrator user name and password while an administrator session is active, thereby compromising the security of the device.

References

http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-R...

x_refsource_MISC

http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2014/Apr/225

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Apr 22, 2014
Vulnerability Reserved
Apr 1, 2014