virus logo Intrusion Prevention

ASUS.Routers.infosvr.UDP.Broadcast.Command.Execution

description-logoDescription

This indicates an attack attempt against a Command Execution vulnerability in ASUS Router.
The vulnerability is caused by an error when infosvr service handles a malicious udp packet. It allows a remote attacker to gain control of vulnerable systems via a crafted udp packet.

affected-products-logoAffected Products

ASUS RT-N66U firmware version 3.0.0.4.376_1071-g8696125
ASUS RT-AC87U firmware version 3.0.0.4.378_3754
ASUS RT-N56U firmware version 3.0.0.4.374_5656
ASUS RT-AC68U firmware version 3.0.0.4.376_3626-g9a8323e
ASUS DSL-N55U firmware version 3.0.0.4.374_4422-gc83c78f
ASUS DSL-AC68U firmware version 3.0.0.4.376_2158-g340202b
ASUS RT-AC66R firmware version 3.0.0.4.376_2524-g0013f52
ASUS RT-AC66R firmware version 3.0.0.4.376_3602
ASUS RT-AC55U firmware version 3.0.0.4.376_6587-gaa506e9
ASUS RT-N12HP_B1 firmware version 3.0.0.4.374_1327
ASUS RT-N16 firmware version 3.0.0.4.220

Impact logoImpact

System Compromise: Remote attacker can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade firmare to revision 3.0.0.4.376.3754 or newer.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.exploit-db.com/exploits/35688
ID 41006
Created Aug 18, 2015
Updated Dec 04, 2017
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2014-9583
Exploit Prediction Score 96.52%
Default Action drop
Active
Affected OS Linux
Affected App Other