← Zuruck zu CVEs
CVE-2018-20334
CRITICAL9.8
Beschreibung
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/20/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
asus:asuswrtasus:gt-ac2900asus:gt-ac5300asus:gt-ax11000asus:rt-ac1200asus:rt-ac1200_v2asus:rt-ac1200gasus:rt-ac1200geasus:rt-ac1750asus:rt-ac1750_b1asus:rt-ac1900pasus:rt-ac3100asus:rt-ac3200asus:rt-ac51uasus:rt-ac5300asus:rt-ac55uasus:rt-ac56rasus:rt-ac56sasus:rt-ac56uasus:rt-ac66rasus:rt-ac66uasus:rt-ac66u-b1asus:rt-ac66u_b1asus:rt-ac68pasus:rt-ac68uasus:rt-ac86uasus:rt-ac87uasus:rt-ac88uasus:rt-acrh12asus:rt-acrh13asus:rt-ax3000asus:rt-ax56uasus:rt-ax58uasus:rt-ax88uasus:rt-ax92uasus:rt-g32asus:rt-n10\+d1asus:rt-n10easus:rt-n14uasus:rt-n16asus:rt-n19asus:rt-n56rasus:rt-n56uasus:rt-n600asus:rt-n65uasus:rt-n66rasus:rt-n66u
Schwachen (CWE)
CWE-78
Referenzen
https://starlabs.sg/advisories/18-20334/(cve@mitre.org)
https://starlabs.sg/advisories/18-20334/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.