Published: 04/04/2018 Updated: 13/11/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices prior to 3.0.0.4.384_10007; RT-N18U devices prior to 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices prior to 3.0.0.4.382.50010; and RT-AC5300 devices prior to 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asus rt-ac66u_firmware
asus rt-ac68u_firmware
asus rt-ac86u_firmware
asus rt-ac88u_firmware
asus rt-ac1900_firmware
asus rt-ac2900_firmware
asus rt-ac3100_firmware
asus rt-n18u_firmware
asus rt-ac87u_firmware
asus rt-ac3200_firmware
asus rt-ac5300_firmware

This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /applycgi which bypasses the patch for CVE-2018-9285 ...

CWE-78 https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html https://fortiguard.com/zeroday/FG-VD-17-216 http://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-9285

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect