← Retour aux CVEs
CVE-2018-20334
CRITICAL9.8
Description
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/20/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
asus:asuswrtasus:gt-ac2900asus:gt-ac5300asus:gt-ax11000asus:rt-ac1200asus:rt-ac1200_v2asus:rt-ac1200gasus:rt-ac1200geasus:rt-ac1750asus:rt-ac1750_b1asus:rt-ac1900pasus:rt-ac3100asus:rt-ac3200asus:rt-ac51uasus:rt-ac5300asus:rt-ac55uasus:rt-ac56rasus:rt-ac56sasus:rt-ac56uasus:rt-ac66rasus:rt-ac66uasus:rt-ac66u-b1asus:rt-ac66u_b1asus:rt-ac68pasus:rt-ac68uasus:rt-ac86uasus:rt-ac87uasus:rt-ac88uasus:rt-acrh12asus:rt-acrh13asus:rt-ax3000asus:rt-ax56uasus:rt-ax58uasus:rt-ax88uasus:rt-ax92uasus:rt-g32asus:rt-n10\+d1asus:rt-n10easus:rt-n14uasus:rt-n16asus:rt-n19asus:rt-n56rasus:rt-n56uasus:rt-n600asus:rt-n65uasus:rt-n66rasus:rt-n66u
Faiblesses (CWE)
CWE-78
References
https://starlabs.sg/advisories/18-20334/(cve@mitre.org)
https://starlabs.sg/advisories/18-20334/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.