CVE-2013-3610

Published: Oct 5, 2013Modified: Apr 29, 2026

6.1

Vector

AV:A/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 6.5 / Impact: 6.9

Source: NVD

Description

qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.

Affected (7)

Products: Asus: Rt N10e Firmware, Rt N10e

Asus

2 products

Rt N10e Firmware

Rt N10e

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Asus Rt N10e Firmware	Up to 2.0.0.24
Asus Rt N10e Firmware	Version 2.0.0.10
Asus Rt N10e Firmware	Version 2.0.0.16
Asus Rt N10e Firmware	Version 2.0.0.19
Asus Rt N10e Firmware	Version 2.0.0.20
Asus Rt N10e Firmware	Version 2.0.0.7
Asus Rt N10e	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://www.kb.cert.org/vuls/id/984366

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/984366

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.