What is the severity of CVE-2014-7270?

CVE-2014-7270 is classified as a medium severity cross-site request forgery (CSRF) vulnerability.

How do I fix CVE-2014-7270?

To fix CVE-2014-7270, update the firmware of your affected ASUS router models to the latest version provided by ASUS.

Which ASUS router models are affected by CVE-2014-7270?

CVE-2014-7270 affects ASUS RT-AC87U, RT-AC68U, RT-AC56S, and RT-N66U routers with specific firmware versions.

What are the potential risks associated with CVE-2014-7270?

The risks of CVE-2014-7270 include unauthorized actions being performed on behalf of a user without their consent.

Is there a workaround for CVE-2014-7270 if I cannot update my firmware?

A temporary workaround for CVE-2014-7270 is to restrict access to the router's web interface to trusted IP addresses only.

Vulnerability/
CVE-2014-7270

medium

6.8

CWE

352

1/2/2015

6/8/2024

CVE-2014-7270: CSRF

First published: Sun Feb 01 2015(Updated: )

Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
ASUS RT-N66U	<=3.0.0.4.376.3715
Asus EA-N66
ASUS RT-N56U firmware	<=3.0.0.4.376.3715
ASUS routers
ASUS RT-AC87U Firmware	<=3.0.0.4.378.3754
ASUS RT-AC87U Firmware
ASUS RT-AC68R	<=3.0.0.4.376.3715
ASUS 4G-AC68U
ASUS RT-AC56S	<=3.0.0.4.376.3715
ASUS RT-AC56S

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-7270?
CVE-2014-7270 is classified as a medium severity cross-site request forgery (CSRF) vulnerability.
How do I fix CVE-2014-7270?
To fix CVE-2014-7270, update the firmware of your affected ASUS router models to the latest version provided by ASUS.
Which ASUS router models are affected by CVE-2014-7270?
CVE-2014-7270 affects ASUS RT-AC87U, RT-AC68U, RT-AC56S, and RT-N66U routers with specific firmware versions.
What are the potential risks associated with CVE-2014-7270?
The risks of CVE-2014-7270 include unauthorized actions being performed on behalf of a user without their consent.
Is there a workaround for CVE-2014-7270 if I cannot update my firmware?
A temporary workaround for CVE-2014-7270 is to restrict access to the router's web interface to trusted IP addresses only.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/asus
canonical/asus rt-n66u
version/asus rt-n66u/3.0.0.4.376.3715
canonical/asus ea-n66
canonical/asus rt-n56u firmware
version/asus rt-n56u firmware/3.0.0.4.376.3715
canonical/asus routers
canonical/asus rt-ac87u firmware
version/asus rt-ac87u firmware/3.0.0.4.378.3754
canonical/asus rt-ac68r
version/asus rt-ac68r/3.0.0.4.376.3715
canonical/asus 4g-ac68u
canonical/asus rt-ac56s
version/asus rt-ac56s/3.0.0.4.376.3715

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.