{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13062", "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "state": "PUBLISHED", "assignerShortName": "ASUS", "dateReserved": "2024-12-31T01:39:32.126Z", "datePublished": "2025-01-02T09:09:45.871Z", "dateUpdated": "2025-01-06T20:32:58.212Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Router", "vendor": "ASUS", "versions": [{"status": "affected", "version": "3.0.0.4_382 series", "versionType": "custom"}, {"status": "affected", "version": "3.0.0.4_386 series", "versionType": "custom"}, {"status": "affected", "version": "3.0.0.4_388 series", "versionType": "custom"}, {"status": "affected", "version": "3.0.0.6_102 series", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution.<br>Refer to the '&nbsp;01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information."}], "value": "An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution.\nRefer to the '\u00a001/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912: Hidden Functionality", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "shortName": "ASUS", "dateUpdated": "2025-01-02T09:09:45.871Z"}, "references": [{"url": "https://www.asus.com/content/asus-product-security-advisory/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-06T20:32:32.491358Z", "id": "CVE-2024-13062", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T20:32:58.212Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-13062", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-06T20:32:32.491358Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T20:32:54.457Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ASUS", "product": "Router", "versions": [{"status": "affected", "version": "3.0.0.4_382 series", "versionType": "custom"}, {"status": "affected", "version": "3.0.0.4_386 series", "versionType": "custom"}, {"status": "affected", "version": "3.0.0.4_388 series", "versionType": "custom"}, {"status": "affected", "version": "3.0.0.6_102 series", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.asus.com/content/asus-product-security-advisory/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution.\nRefer to the '\u00a001/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.", "supportingMedia": [{"type": "text/html", "value": "An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution.<br>Refer to the '&nbsp;01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-912", "description": "CWE-912: Hidden Functionality"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "shortName": "ASUS", "dateUpdated": "2025-01-02T09:09:45.871Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13062", "state": "PUBLISHED", "dateUpdated": "2025-01-06T20:32:58.212Z", "dateReserved": "2024-12-31T01:39:32.126Z", "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "datePublished": "2025-01-02T09:09:45.871Z", "assignerShortName": "ASUS"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution.\nRefer to the '\u00a001/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de punto de entrada no intencionado en ciertos modelos de routers, que puede permitir la ejecuci\u00f3n de comandos arbitrarios. Consulte la secci\u00f3n \"Vulnerabilidad de ASUS Router AiCloud del 01/02/2025\" en el Aviso de seguridad de ASUS para obtener m\u00e1s informaci\u00f3n."}], "id": "CVE-2024-13062", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary"}]}, "published": "2025-01-02T10:15:06.153", "references": [{"source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "url": "https://www.asus.com/content/asus-product-security-advisory/"}], "sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-912"}], "source": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1", "type": "Secondary"}]}

{}

{}