CVE-2018-9285

Published: 04/04/2018 | Updated: 13/11/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices prior to 3.0.0.4.384_10007; RT-N18U devices prior to 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices prior to 3.0.0.4.382.50010; and RT-AC5300 devices prior to 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.

Vulnerable Product

asus rt-ac66u firmware

asus rt-ac68u firmware

asus rt-ac86u firmware

asus rt-ac88u firmware

asus rt-ac1900 firmware

asus rt-ac2900 firmware

asus rt-ac3100 firmware

asus rt-n18u firmware

asus rt-ac87u firmware

asus rt-ac3200 firmware

asus rt-ac5300 firmware

Exploits

This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure to filter out percent-encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi, which bypasses the patch for CVE-2018-9285 ...