CVE

CVE-2014-9583

common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.

View access options View sample report Ask about this record

What this profile means

This public preview summarizes the normalized record without exposing paid citation paths. Use it to decide whether the device deserves a paid report, workspace review, or direct source verification.

Record typedevice

CategoryCVE

StatusNVD CVE record

Confidence90

CVECVE-2014-9583

Source coverage preview

Public pages show source names and record counts. Paid reports unlock source URLs, citation paths, and report-generation context.

Source rows checked2

Max source confidence90

Latest source observationMay 18, 2026

CitationsLocked in paid report

NIST NVD CVE API

Paid report value

Device/security signal snapshot
Known exploited and exploitability interpretation where available
Remediation and inventory-mapping checklist
Locked source citations and monitoring path

For records that need deeper review, use the main access flow to request source-backed report context, saved workspace review, or support before relying on the public preview.

View access options View sample report Contact support

Methodology and limits

Source-backed, but still worth verifying for high-impact use.

Security records are triage intelligence and should be validated against asset inventory, firmware versions, compensating controls, and vendor advisories.

For security teams

Prioritize known exploited and high-confidence records.

For buyers

Check support and vulnerability signals before purchase.

For MSPs

Use reports and monitors for customer device review.

Questions to ask before relying on this record

What official source published this signal, and when was it last observed?
Does the record still match the current operating, legal, safety, or source context?
Are there related records under another name, jurisdiction, model, address, sponsor, or identifier?
Does this decision need human QA before money, safety, care, legal, or operational action?

Paid reports include citation paths and report-generation context; public previews intentionally hide source URLs.