CVE-2014-2719

ASUS RT Series Firmware - Authenticated Administrator Credential Exposure via Advanced_System_Content.asp

Title source: llm

Description

Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.

References (4)

Core 4

Core References

Various Sources x_refsource_misc

http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html

Various Sources x_refsource_confirm

http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Apr/225

Various Sources x_refsource_confirm

https://support.t-mobile.com/docs/DOC-21994

Scores

EPSS 0.0031

EPSS Percentile 54.2%

Details

CWE

CWE-200

Status published

Products (50)

asus/rt-ac66u_firmware 3.0.0.4.140

asus/rt-ac66u_firmware 3.0.0.4.220

asus/rt-ac66u_firmware 3.0.0.4.246

asus/rt-ac66u_firmware 3.0.0.4.260

asus/rt-ac66u_firmware 3.0.0.4.270

asus/rt-ac66u_firmware 3.0.0.4.354

asus/rt-ac68u

asus/rt-ac68u_firmware 3.0.0.4.374.4755

asus/rt-ac68u_firmware 3.0.0.4.374_4561

asus/rt-ac68u_firmware 3.0.0.4.374_4887

... and 40 more

Published Apr 22, 2014

Tracked Since Feb 18, 2026