CVE-2014-2718

Name: CVE-2014-2718
Creator: NVD / NIST
Published: 2014-11-04T22:55:06.417+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.10%

Last modified Jun 17, 2026

CVE-2014-2718 is a vulnerability of currently unknown severity. ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.. EPSS estimates a 1.10% chance of exploitation in the next 30 days.

Description

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.

Metrics

EPSS Probability

1.10%

61.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-345

Affected Software

Vendor	Product	Versions
T-Mobile	Tm-Ac1900	3.0.0.4.376_3169
Asus	Rt Series Firmware	<= 3.0.0.4.374.x

References

Timeline

Published: Nov 4, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-2718?

How severe is CVE-2014-2718?

Severity scoring for CVE-2014-2718 is pending analysis. The EPSS model estimates a 1.10% probability of exploitation in the next 30 days.

How do I fix CVE-2014-2718?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-2718?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST