CVE-2014-2719

EUVD-2014-2747
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
asusrt-ac66u_firmware
3.0.0.4.140
asusrt-ac66u_firmware
3.0.0.4.220
asusrt-ac66u_firmware
3.0.0.4.246
asusrt-ac66u_firmware
3.0.0.4.260
asusrt-ac66u_firmware
3.0.0.4.270
asusrt-ac66u_firmware
3.0.0.4.354
asusrt-ac68u_firmware
3.0.0.4.374.4755
asusrt-ac68u_firmware
3.0.0.4.374_4561:_4561
asusrt-ac68u_firmware
3.0.0.4.374_4887:_4887
asusrt-n10e_firmware
2.0.0.7
asusrt-n10e_firmware
2.0.0.10
asusrt-n10e_firmware
2.0.0.16
asusrt-n10e_firmware
2.0.0.19
asusrt-n10e_firmware
2.0.0.20
asusrt-n10e_firmware
2.0.0.24
asusrt-n10e_firmware
2.0.0.25
asusrt-n14u_firmware
3.0.0.4.322
asusrt-n14u_firmware
3.0.0.4.356
asusrt-n16_firmware
1.0.1.9
asusrt-n16_firmware
1.0.2.3
asusrt-n16_firmware
3.0.0.3.108
asusrt-n16_firmware
3.0.0.3.162
asusrt-n16_firmware
3.0.0.3.178
asusrt-n16_firmware
3.0.0.4.220
asusrt-n16_firmware
3.0.0.4.246
asusrt-n16_firmware
3.0.0.4.260
asusrt-n16_firmware
3.0.0.4.354
asusrt-n16_firmware
7.0.2.38b:b
asusrt-n56u_firmware
1.0.1.4
asusrt-n56u_firmware
1.0.1.4o:o
asusrt-n56u_firmware
1.0.1.7c:c
asusrt-n56u_firmware
1.0.1.7f:f
asusrt-n56u_firmware
1.0.1.8j:j
asusrt-n56u_firmware
1.0.1.8l:l
asusrt-n56u_firmware
1.0.1.8n:n
asusrt-n56u_firmware
3.0.0.4.318
asusrt-n56u_firmware
3.0.0.4.334
asusrt-n56u_firmware
3.0.0.4.342
asusrt-n56u_firmware
3.0.0.4.360
asusrt-n56u_firmware
7.0.1.21
asusrt-n56u_firmware
7.0.1.32
asusrt-n56u_firmware
8.1.1.4
asusrt-n65u_firmware
3.0.0.3.134
asusrt-n65u_firmware
3.0.0.3.176
asusrt-n65u_firmware
3.0.0.4.260
asusrt-n65u_firmware
3.0.0.4.334
asusrt-n65u_firmware
3.0.0.4.342
asusrt-n65u_firmware
3.0.0.4.346
asusrt-n66u_firmware
3.0.0.4.272
asusrt-n66u_firmware
3.0.0.4.370
asusrt-ac68u
-
t-mobiletm-ac1900
3.0.0.4.376_3169:_3169
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
http://seclists.org/fulldisclosure/2014/Apr/225
http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
https://support.t-mobile.com/docs/DOC-21994
http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
http://seclists.org/fulldisclosure/2014/Apr/225
http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
https://support.t-mobile.com/docs/DOC-21994