First published: Fri Mar 20 2020(Updated: )
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Asus asuswrt | =3.0.0.4.384.20308 | |
ASUS GT-AC2900 | ||
ASUS GT-AC5300 | ||
Asus Gt-ax11000 | ||
Asus Rt-ac1200 | ||
Asus Rt-ac1200 V2 | ||
Asus Rt-ac1200g | ||
Asus Rt-ac1200ge | ||
Asus Rt-ac1750 | ||
Asus Rt-ac1750 B1 | ||
ASUS RT-AC1900P | ||
Asus Rt-ac3100 | ||
ASUS RT-AC3200 | ||
ASUS RT-AC51U | ||
Asus Rt-ac5300 | ||
Asus Rt-ac55u | ||
Asus Rt-ac56r | ||
Asus Rt-ac56s | ||
Asus Rt-ac56u | ||
Asus Rt-ac66r | ||
ASUS RT-AC66U | ||
Asus Rt-ac66u-b1 | ||
ASUS RT-AC66U B1 | ||
Asus Rt-ac68p | ||
ASUS RT-AC68U | ||
ASUS RT-AC86U | ||
ASUS RT-AC87U | ||
Asus Rt-ac88u | ||
Asus Rt-acrh12 | ||
Asus Rt-acrh13 | ||
ASUS RT-AX3000 | ||
ASUS RT-AX56U | ||
Asus Rt-ax58u | ||
ASUS RT-AX88U | ||
ASUS RT-AX92U | ||
ASUS RT-G32 | ||
Asus Rt-n10\+d1 | ||
ASUS RT-N10E | ||
Asus Rt-n14u | ||
Asus Rt-n16 | ||
Asus Rt-n19 | ||
Asus Rt-n56r | ||
ASUS RT-N56U | ||
Asus Rt-n600 | ||
Asus Rt-n65u | ||
Asus Rt-n66r | ||
Asus Rt-n66u |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-20333 is high, with a severity value of 7.5.
CVE-2018-20333 allows an unauthenticated user to determine if a USB device is attached to the router and if there are apps installed on the router.
No, ASUS GT-AC2900 is not vulnerable to CVE-2018-20333.
To fix CVE-2018-20333, update ASUSWRT to a version that is not affected by the vulnerability.
You can find more information about CVE-2018-20333 at the following link: [https://starlabs.sg/advisories/18-20333/](https://starlabs.sg/advisories/18-20333/)