CVE-2013-4659 - OpenCVE

Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Rt-ac66u Firmware Rt-ac66u
Trendnet	Tew-812dru Firmware Tew-812dru

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ac66u_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:trendnet:tew-812dru_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-812dru:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.linux-magazine.com/Issues/2014/161/Security-and-SOHO-Routers	Press/Media Coverage
https://packetstormsecurity.com/files/122562/ASUS-RT-AC66U-ACSD-Remote-Root-Buffer-Overflow.html	Exploit VDB Entry Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-14T09:02:00

Updated: 2017-03-14T08:57:01

Reserved: 2013-06-24T00:00:00

Link: CVE-2013-4659

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-03-14T09:59:00.160

Modified: 2017-03-15T16:58:34.110

Link: CVE-2013-4659

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-14T08:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://packetstormsecurity.com/files/122562/ASUS-RT-AC66U-ACSD-Remote-Root-Buffer-Overflow.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.linux-magazine.com/Issues/2014/161/Security-and-SOHO-Routers"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://packetstormsecurity.com/files/122562/ASUS-RT-AC66U-ACSD-Remote-Root-Buffer-Overflow.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/122562/ASUS-RT-AC66U-ACSD-Remote-Root-Buffer-Overflow.html"}, {"name": "http://www.linux-magazine.com/Issues/2014/161/Security-and-SOHO-Routers", "refsource": "MISC", "url": "http://www.linux-magazine.com/Issues/2014/161/Security-and-SOHO-Routers"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4659", "datePublished": "2017-03-14T09:02:00", "dateReserved": "2013-06-24T00:00:00", "dateUpdated": "2017-03-14T08:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ac66u_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FFDE31E-5C68-4DC7-9B4A-C19F1719CA91", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*", "matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tew-812dru_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "52A912D3-05B3-4A84-A0C9-743BC059A57E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tew-812dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "28DC340B-27D7-4F13-A544-E8256159C2D6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Broadcom ACSD permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena larga al puerto TCP 5916. Este componente es utilizado en routers de m\u00faltiples vendedores incluyendo ASUS RT-AC66U y TRENDnet TEW-812DRU."}], "id": "CVE-2013-4659", "lastModified": "2017-03-15T16:58:34.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-14T09:59:00.160", "references": [{"source": "cve@mitre.org", "tags": ["Press/Media Coverage"], "url": "http://www.linux-magazine.com/Issues/2014/161/Security-and-SOHO-Routers"}, {"source": "cve@mitre.org", "tags": ["Exploit", "VDB Entry", "Third Party Advisory"], "url": "https://packetstormsecurity.com/files/122562/ASUS-RT-AC66U-ACSD-Remote-Root-Buffer-Overflow.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}