fkie_nvd - fkie_cve-2018-20334

fkie_cve-2018-20334

Vulnerability from fkie_nvd

Published

2020-03-20 01:15

Modified

2024-11-21 04:01

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.

References

▼	URL	Tags
	cve@mitre.org	https://starlabs.sg/advisories/18-20334/	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://starlabs.sg/advisories/18-20334/	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
asus	asuswrt	3.0.0.4.384.20308
asus	gt-ac2900	-
asus	gt-ac5300	-
asus	gt-ax11000	-
asus	rt-ac1200	-
asus	rt-ac1200_v2	-
asus	rt-ac1200g	-
asus	rt-ac1200ge	-
asus	rt-ac1750	-
asus	rt-ac1750_b1	-
asus	rt-ac1900p	-
asus	rt-ac3100	-
asus	rt-ac3200	-
asus	rt-ac51u	-
asus	rt-ac5300	-
asus	rt-ac55u	-
asus	rt-ac56r	-
asus	rt-ac56s	-
asus	rt-ac56u	-
asus	rt-ac66r	-
asus	rt-ac66u	-
asus	rt-ac66u-b1	-
asus	rt-ac66u_b1	-
asus	rt-ac68p	-
asus	rt-ac68u	-
asus	rt-ac86u	-
asus	rt-ac87u	-
asus	rt-ac88u	-
asus	rt-acrh12	-
asus	rt-acrh13	-
asus	rt-ax3000	-
asus	rt-ax56u	-
asus	rt-ax58u	-
asus	rt-ax88u	-
asus	rt-ax92u	-
asus	rt-g32	-
asus	rt-n10\+d1	-
asus	rt-n10e	-
asus	rt-n14u	-
asus	rt-n16	-
asus	rt-n19	-
asus	rt-n56r	-
asus	rt-n56u	-
asus	rt-n600	-
asus	rt-n65u	-
asus	rt-n66r	-
asus	rt-n66u	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Al procesar los datos POST del archivo /start_apply.htm, se presenta un problema de inyecci\u00f3n de comandos por medio de metacaracteres de shell en el par\u00e1metro fb_email. Al usar este problema, un atacante puede controlar el enrutador y conseguir la shell."
    }
  ],
  "id": "CVE-2018-20334",
  "lastModified": "2024-11-21T04:01:15.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-20T01:15:22.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://starlabs.sg/advisories/18-20334/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://starlabs.sg/advisories/18-20334/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2018-20334

Vulnerability from cvelistv5

Published

2020-03-20 00:11

Modified

2024-08-05 11:58