Skip to main content

CVE-2014-9583

10.0
CVSS v2.0 Base Score
91.05%
HIGH RiskEPSS (100th percentile)
CWE-264

common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.

Published: 1/8/2015
Modified: 5/6/2026
Back to CVE Lookup

Vulnerability Summary

CVSS v2 Score

10

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score (Exploitation Probability)

91.05%HIGH Exploitation Risk
100th percentile

This vulnerability has a 91.05% probability of being exploited in the next 30 days, ranking higher than 100% of all scored CVEs.

CWE Classification

CWE-264

Related Vulnerabilities

Same Weakness Type(CWE-264)

CVE-2023-3599MEDIUM 6.3

A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-233450 is the identifier assigned to this vulnerability.

7/10/2023
CVE-2022-41781MEDIUM 6.5

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.

11/18/2022
CVE-2022-36427HIGH 7.3

Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress.

9/6/2022
CVE-2022-36387HIGH 7.6

Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress.

9/6/2022
CVE-2019-1621HIGH 7.5

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.

6/27/2019

Learn More

CVSS Calculator

Calculate and understand CVSS scores

Understanding CVSS Scoring

Learn how severity scores are calculated and what they mean

CVE Prioritization Guide

Best practices for deciding which vulnerabilities to address first

What is a CVE?

Essential guide to Common Vulnerabilities and Exposures