Vulnerabilites related to asus - rt-n10\+d1
cve-2018-20333
Vulnerability from cvelistv5
Published
2020-03-20 00:11
Modified
2024-08-05 11:58
Severity ?
EPSS score ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
References
| ▼ | URL | Tags |
|---|---|---|
| https://starlabs.sg/advisories/18-20333/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20333/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20333/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20333/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20333/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20333",
"datePublished": "2020-03-20T00:11:15",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:19.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1437
Vulnerability from cvelistv5
Published
2015-02-04 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100563 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/534612/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100566 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/72369 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/534580/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/534579/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asus-rtn10-errorpage-xss(100563)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100563"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html"
},
{
"name": "20150203 CVE-2015-1437 XSS In ASUS Router.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534612/100/0/threaded"
},
{
"name": "asus-rtn10-resultstatus-xss(100566)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100566"
},
{
"name": "72369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72369"
},
{
"name": "20150129 Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534580/100/0/threaded"
},
{
"name": "20150129 Reflected XSS vulnarbility in Asus RT-N10 Plus Router",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534579/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asus-rtn10-errorpage-xss(100563)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100563"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html"
},
{
"name": "20150203 CVE-2015-1437 XSS In ASUS Router.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534612/100/0/threaded"
},
{
"name": "asus-rtn10-resultstatus-xss(100566)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100566"
},
{
"name": "72369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72369"
},
{
"name": "20150129 Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534580/100/0/threaded"
},
{
"name": "20150129 Reflected XSS vulnarbility in Asus RT-N10 Plus Router",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534579/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asus-rtn10-errorpage-xss(100563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100563"
},
{
"name": "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html"
},
{
"name": "20150203 CVE-2015-1437 XSS In ASUS Router.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534612/100/0/threaded"
},
{
"name": "asus-rtn10-resultstatus-xss(100566)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100566"
},
{
"name": "72369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72369"
},
{
"name": "20150129 Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534580/100/0/threaded"
},
{
"name": "20150129 Reflected XSS vulnarbility in Asus RT-N10 Plus Router",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534579/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1437",
"datePublished": "2015-02-04T16:00:00",
"dateReserved": "2015-01-31T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20335
Vulnerability from cvelistv5
Published
2020-03-20 00:11
Modified
2024-08-05 11:58
Severity ?
EPSS score ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://starlabs.sg/advisories/18-20335/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20335/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20335/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20335/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20335/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20335",
"datePublished": "2020-03-20T00:11:09",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20334
Vulnerability from cvelistv5
Published
2020-03-20 00:11
Modified
2024-08-05 11:58
Severity ?
EPSS score ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
References
| ▼ | URL | Tags |
|---|---|---|
| https://starlabs.sg/advisories/18-20334/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20334/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20334/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20334/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20334/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20334",
"datePublished": "2020-03-20T00:11:06",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-03-20 01:15
Modified
2024-11-21 04:01
Severity ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://starlabs.sg/advisories/18-20334/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://starlabs.sg/advisories/18-20334/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 | |
| asus | gt-ac2900 | - | |
| asus | gt-ac5300 | - | |
| asus | gt-ax11000 | - | |
| asus | rt-ac1200 | - | |
| asus | rt-ac1200_v2 | - | |
| asus | rt-ac1200g | - | |
| asus | rt-ac1200ge | - | |
| asus | rt-ac1750 | - | |
| asus | rt-ac1750_b1 | - | |
| asus | rt-ac1900p | - | |
| asus | rt-ac3100 | - | |
| asus | rt-ac3200 | - | |
| asus | rt-ac51u | - | |
| asus | rt-ac5300 | - | |
| asus | rt-ac55u | - | |
| asus | rt-ac56r | - | |
| asus | rt-ac56s | - | |
| asus | rt-ac56u | - | |
| asus | rt-ac66r | - | |
| asus | rt-ac66u | - | |
| asus | rt-ac66u-b1 | - | |
| asus | rt-ac66u_b1 | - | |
| asus | rt-ac68p | - | |
| asus | rt-ac68u | - | |
| asus | rt-ac86u | - | |
| asus | rt-ac87u | - | |
| asus | rt-ac88u | - | |
| asus | rt-acrh12 | - | |
| asus | rt-acrh13 | - | |
| asus | rt-ax3000 | - | |
| asus | rt-ax56u | - | |
| asus | rt-ax58u | - | |
| asus | rt-ax88u | - | |
| asus | rt-ax92u | - | |
| asus | rt-g32 | - | |
| asus | rt-n10\+d1 | - | |
| asus | rt-n10e | - | |
| asus | rt-n14u | - | |
| asus | rt-n16 | - | |
| asus | rt-n19 | - | |
| asus | rt-n56r | - | |
| asus | rt-n56u | - | |
| asus | rt-n600 | - | |
| asus | rt-n65u | - | |
| asus | rt-n66r | - | |
| asus | rt-n66u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Al procesar los datos POST del archivo /start_apply.htm, se presenta un problema de inyecci\u00f3n de comandos por medio de metacaracteres de shell en el par\u00e1metro fb_email. Al usar este problema, un atacante puede controlar el enrutador y conseguir la shell."
}
],
"id": "CVE-2018-20334",
"lastModified": "2024-11-21T04:01:15.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-20T01:15:22.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20334/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20334/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-04 16:59
Modified
2024-11-21 02:25
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | rt-n10\+d1_firmware | 2.1.1.1.70 | |
| asus | rt-n10\+d1 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-n10\\+d1_firmware:2.1.1.1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "E32EF7AD-55C5-4F01-A774-154E62D1F19D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA032888-0D89-4831-99AD-E06E2CBA5580",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en el router Asus RT-N10+ D1 con firmware 2.1.1.1.70 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro flag en (1) result_of_get_changed_status.asp o (2) error_page.htm."
}
],
"id": "CVE-2015-1437",
"lastModified": "2024-11-21T02:25:25.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-04T16:59:03.123",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534579/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534580/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534612/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72369"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100563"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130187/Asus-RT-N10-Plus-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534579/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534580/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534612/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100566"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-20 01:15
Modified
2024-11-21 04:01
Severity ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://starlabs.sg/advisories/18-20335/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://starlabs.sg/advisories/18-20335/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 | |
| asus | gt-ac2900 | - | |
| asus | gt-ac5300 | - | |
| asus | gt-ax11000 | - | |
| asus | rt-ac1200 | - | |
| asus | rt-ac1200_v2 | - | |
| asus | rt-ac1200g | - | |
| asus | rt-ac1200ge | - | |
| asus | rt-ac1750 | - | |
| asus | rt-ac1750_b1 | - | |
| asus | rt-ac1900p | - | |
| asus | rt-ac3100 | - | |
| asus | rt-ac3200 | - | |
| asus | rt-ac51u | - | |
| asus | rt-ac5300 | - | |
| asus | rt-ac55u | - | |
| asus | rt-ac56r | - | |
| asus | rt-ac56s | - | |
| asus | rt-ac56u | - | |
| asus | rt-ac66r | - | |
| asus | rt-ac66u | - | |
| asus | rt-ac66u-b1 | - | |
| asus | rt-ac66u_b1 | - | |
| asus | rt-ac68p | - | |
| asus | rt-ac68u | - | |
| asus | rt-ac86u | - | |
| asus | rt-ac87u | - | |
| asus | rt-ac88u | - | |
| asus | rt-acrh12 | - | |
| asus | rt-acrh13 | - | |
| asus | rt-ax3000 | - | |
| asus | rt-ax56u | - | |
| asus | rt-ax58u | - | |
| asus | rt-ax88u | - | |
| asus | rt-ax92u | - | |
| asus | rt-g32 | - | |
| asus | rt-n10\+d1 | - | |
| asus | rt-n10e | - | |
| asus | rt-n14u | - | |
| asus | rt-n16 | - | |
| asus | rt-n19 | - | |
| asus | rt-n56r | - | |
| asus | rt-n56u | - | |
| asus | rt-n600 | - | |
| asus | rt-n65u | - | |
| asus | rt-n66r | - | |
| asus | rt-n66u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Un usuario no autenticado puede desencadenar una DoS del servicio httpd por medio del URI /APP_Installation.asp?=."
}
],
"id": "CVE-2018-20335",
"lastModified": "2024-11-21T04:01:15.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-20T01:15:22.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20335/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20335/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-20 01:15
Modified
2024-11-21 04:01
Severity ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://starlabs.sg/advisories/18-20333/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://starlabs.sg/advisories/18-20333/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 | |
| asus | gt-ac2900 | - | |
| asus | gt-ac5300 | - | |
| asus | gt-ax11000 | - | |
| asus | rt-ac1200 | - | |
| asus | rt-ac1200_v2 | - | |
| asus | rt-ac1200g | - | |
| asus | rt-ac1200ge | - | |
| asus | rt-ac1750 | - | |
| asus | rt-ac1750_b1 | - | |
| asus | rt-ac1900p | - | |
| asus | rt-ac3100 | - | |
| asus | rt-ac3200 | - | |
| asus | rt-ac51u | - | |
| asus | rt-ac5300 | - | |
| asus | rt-ac55u | - | |
| asus | rt-ac56r | - | |
| asus | rt-ac56s | - | |
| asus | rt-ac56u | - | |
| asus | rt-ac66r | - | |
| asus | rt-ac66u | - | |
| asus | rt-ac66u-b1 | - | |
| asus | rt-ac66u_b1 | - | |
| asus | rt-ac68p | - | |
| asus | rt-ac68u | - | |
| asus | rt-ac86u | - | |
| asus | rt-ac87u | - | |
| asus | rt-ac88u | - | |
| asus | rt-acrh12 | - | |
| asus | rt-acrh13 | - | |
| asus | rt-ax3000 | - | |
| asus | rt-ax56u | - | |
| asus | rt-ax58u | - | |
| asus | rt-ax88u | - | |
| asus | rt-ax92u | - | |
| asus | rt-g32 | - | |
| asus | rt-n10\+d1 | - | |
| asus | rt-n10e | - | |
| asus | rt-n14u | - | |
| asus | rt-n16 | - | |
| asus | rt-n19 | - | |
| asus | rt-n56r | - | |
| asus | rt-n56u | - | |
| asus | rt-n600 | - | |
| asus | rt-n65u | - | |
| asus | rt-n66r | - | |
| asus | rt-n66u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Un usuario no autenticado puede solicitar el archivo /update_applist.asp para visualizar si un dispositivo USB se encuentra adjunto al enrutador y si hay aplicaciones instaladas en el enrutador."
}
],
"id": "CVE-2018-20333",
"lastModified": "2024-11-21T04:01:15.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-20T01:15:22.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20333/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20333/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201502-0387
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm. The Asus RT-N10 Plus Router is a router device. A remote attacker can exploit a vulnerability to construct a malicious URI, entice a user to resolve it, obtain sensitive cookies, hijack a session, or perform malicious operations on the client. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability is caused by the result_of_get_changed_status.asp and error_page.htm files not adequately filtering the 'flag' parameter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n10\\+d1",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "2.1.1.1.70"
},
{
"model": "rt-n10 plus",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n10 plus",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "2.1.1.1.70"
},
{
"model": "rt-n10 plus router running",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "2.1.1.1.70"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-035"
},
{
"db": "NVD",
"id": "CVE-2015-1437"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:rt-n10%2Bd1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-n10%2Bd1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kaustubh Padwad",
"sources": [
{
"db": "BID",
"id": "72369"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-035"
}
],
"trust": 0.9
},
"cve": "CVE-2015-1437",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-1437",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-00883",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-79398",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1437",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-1437",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00883",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-035",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79398",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"db": "VULHUB",
"id": "VHN-79398"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-035"
},
{
"db": "NVD",
"id": "CVE-2015-1437"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm. The Asus RT-N10 Plus Router is a router device. A remote attacker can exploit a vulnerability to construct a malicious URI, entice a user to resolve it, obtain sensitive cookies, hijack a session, or perform malicious operations on the client. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability is caused by the result_of_get_changed_status.asp and error_page.htm files not adequately filtering the \u0027flag\u0027 parameter",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1437"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"db": "BID",
"id": "72369"
},
{
"db": "VULHUB",
"id": "VHN-79398"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1437",
"trust": 3.4
},
{
"db": "BID",
"id": "72369",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "130187",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001451",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-035",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-00883",
"trust": 0.6
},
{
"db": "XF",
"id": "100566",
"trust": 0.6
},
{
"db": "XF",
"id": "100563",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-79398",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"db": "VULHUB",
"id": "VHN-79398"
},
{
"db": "BID",
"id": "72369"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-035"
},
{
"db": "NVD",
"id": "CVE-2015-1437"
}
]
},
"id": "VAR-201502-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"db": "VULHUB",
"id": "VHN-79398"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00883"
}
]
},
"last_update_date": "2024-11-23T22:31:10.509000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-N10",
"trust": 0.8,
"url": "http://www.asus.com/Networking/RTN10/overview/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79398"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"db": "NVD",
"id": "CVE-2015-1437"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/72369"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/130187/asus-rt-n10-plus-cross-site-scripting.html"
},
{
"trust": 1.4,
"url": "http://www.securityfocus.com/archive/1/archive/1/534580/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534579/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534580/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534612/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100563"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100566"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1437"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1437"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/534612/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/100566"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/534579/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/100563"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"db": "VULHUB",
"id": "VHN-79398"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-035"
},
{
"db": "NVD",
"id": "CVE-2015-1437"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"db": "VULHUB",
"id": "VHN-79398"
},
{
"db": "BID",
"id": "72369"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-035"
},
{
"db": "NVD",
"id": "CVE-2015-1437"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"date": "2015-02-04T00:00:00",
"db": "VULHUB",
"id": "VHN-79398"
},
{
"date": "2015-01-29T00:00:00",
"db": "BID",
"id": "72369"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"date": "2015-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-035"
},
{
"date": "2015-02-04T16:59:03.123000",
"db": "NVD",
"id": "CVE-2015-1437"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00883"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-79398"
},
{
"date": "2015-02-09T00:01:00",
"db": "BID",
"id": "72369"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001451"
},
{
"date": "2015-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-035"
},
{
"date": "2024-11-21T02:25:25.700000",
"db": "NVD",
"id": "CVE-2015-1437"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-035"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asus RT-N10 Plus D1 Router firmware cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001451"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-035"
}
],
"trust": 0.6
}
}