10
CVE-2018-9285
- EPSS 2.95%
- Published 04.04.2018 19:29:00
- Last modified 21.11.2024 04:15:17
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
Data is provided by the National Vulnerability Database (NVD)
Asus ≫ Rt-ac66u Firmware Version < 3.0.0.4.384.10007
Asus ≫ Rt-ac68u Firmware Version < 3.0.0.4.384.10007
Asus ≫ Rt-ac86u Firmware Version < 3.0.0.4.384.10007
Asus ≫ Rt-ac88u Firmware Version < 3.0.0.4.384.10007
Asus ≫ Rt-ac1900 Firmware Version < 3.0.0.4.384.10007
Asus ≫ Rt-ac2900 Firmware Version < 3.0.0.4.384.10007
Asus ≫ Rt-ac3100 Firmware Version < 3.0.0.4.384.10007
Asus ≫ Rt-n18u Firmware Version < 3.0.0.4.382.39935
Asus ≫ Rt-ac87u Firmware Version < 3.0.0.4.382.50010
Asus ≫ Rt-ac3200 Firmware Version < 3.0.0.4.382.50010
Asus ≫ Rt-ac5300 Firmware Version < 3.0.0.4.384.20287
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.95% | 0.86 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.