CVE-2014-9583

EXPLOITED

ASUS WRT - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2014-9583 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Metasploit, Friedrich Postelstorfer, Friedrich Postelstorfer, jduck, bcoles, including a Metasploit module exploits/linux/misc/asus_infosvr_auth_bypass_exec.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass vulnerability in the ASUS infosvr service (UDP port 9999) to execute arbitrary commands as root. It launches a BusyBox Telnet daemon on a specified port to gain an interactive remote shell.

Description

common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/44524

This Metasploit module exploits an authentication bypass vulnerability in the ASUS infosvr service (UDP port 9999) to execute arbitrary commands as root. It launches a BusyBox Telnet daemon on a specified port to gain an interactive remote shell.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ASUS routers (e.g., RT-N12E with firmware version 2.0.0.35)
No auth needed
Prerequisites: Network access to UDP port 9999 on the target router
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Friedrich Postelstorfer · pythonremotehardware
https://www.exploit-db.com/exploits/35688

This exploit targets a backdoor in ASUSWRT's infosvr service on port 9999, allowing unauthenticated command execution as root via a crafted UDP packet. The command length is limited to 237 bytes to avoid buffer overflow.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ASUSWRT 3.0.0.4.376_1071 (RT-N66U and potentially other models)
No auth needed
Prerequisites: Network access to the target's LAN interface · UDP port 9999 accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Friedrich Postelstorfer, jduck, bcoles · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/asus_infosvr_auth_bypass_exec.rb

This Metasploit module exploits an authentication bypass vulnerability in the ASUS infosvr service (UDP port 9999) to execute arbitrary commands as root. It launches a BusyBox Telnet daemon on a specified port to gain an interactive remote shell.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ASUS routers (e.g., RT-N12E with firmware version 2.0.0.35)
No auth needed
Prerequisites: Network access to UDP port 9999 on the target router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35688
Various Sources x_refsource_confirm
https://support.t-mobile.com/docs/DOC-21994
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44524/

Scores

EPSS 0.9105
EPSS Percentile 99.7%

Details

VulnCheck KEV 2018-07-13
CWE
CWE-264
Status published
Products (3)
asus/wrt_firmware 3.0.0.4.376.2524-g0012f52
asus/wrt_firmware 3.0.0.4.376_1071
t-mobile/tm-ac1900 3.0.0.4.376_3169
Published Jan 08, 2015
Tracked Since Feb 18, 2026