CVE-2013-3610 — Improper Authentication in Rt-n10e Firmware

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 63.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Rt-n10e Firmware

Timeline

PublishedOct 5

Latest updateMay 17

Description

qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.

CVSS vector

AV:A/AC:L/C:C/I:N/A:NExploitability: 6.5 | Impact: 6.9

Affected Packages1 packages

▶NVDasus/rt-n10e_firmware2.0.0.24+5

🔴Vulnerability Details

GHSA

GHSA-64cv-c6cm-6vwf: qis/QIS_finish↗2022-05-17

▶

CVEList

CVE-2013-3610: qis/QIS_finish↗2013-10-05

▶