Intrusion PreventionASUS.Devices.infosvr.UDP.Broadcast.Command.Execution
Description
This indicates an attack attempt against a Command Execution vulnerability in ASUS Router.
The vulnerability is caused by an error when infosvr service handles a malicious udp packet. It allows a remote attacker to gain control of vulnerable systems via a crafted udp packet.
Affected Products
ASUS RT-N66U firmware version 3.0.0.4.376_1071-g8696125
ASUS RT-AC87U firmware version 3.0.0.4.378_3754
ASUS RT-N56U firmware version 3.0.0.4.374_5656
ASUS RT-AC68U firmware version 3.0.0.4.376_3626-g9a8323e
ASUS DSL-N55U firmware version 3.0.0.4.374_4422-gc83c78f
ASUS DSL-AC68U firmware version 3.0.0.4.376_2158-g340202b
ASUS RT-AC66R firmware version 3.0.0.4.376_2524-g0013f52
ASUS RT-AC66R firmware version 3.0.0.4.376_3602
ASUS RT-AC55U firmware version 3.0.0.4.376_6587-gaa506e9
ASUS RT-N12HP_B1 firmware version 3.0.0.4.374_1327
ASUS RT-N16 firmware version 3.0.0.4.220
Impact
System Compromise: Remote attacker can gain control of vulnerable systems.
Recommended Actions
Upgrade firmare to revision 3.0.0.4.376.3754 or newer.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-07-23 | 28.831 | Name:ASUS. Routers. infosvr. UDP. Broadcast. Command. Execution:ASUS. Devices. infosvr. UDP. Broadcast. Command. Execution |
References
http://www.exploit-db.com/exploits/35688| ID | 41006 |
| Created | Aug 18, 2015 |
| Updated | Sep 06, 2024 |
| Risk |
|
| CVE ID | CVE-2014-9583 |
| Exploit Prediction Score | 96.52% |
| Default Action | drop |
| Active | |
| Affected OS | Other |
| Affected App | Other |