First published: Fri Mar 20 2020
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By exploiting this issue, an attacker can take control of the router and get a shell.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Asus asuswrt | =3.0.0.4.384.20308 | |
ASUS GT-AC2900 | | |
ASUS GT-AC5300 | | |
Asus Gt-ax11000 | | |
Asus Rt-ac1200 | | |
Asus Rt-ac1200 V2 | | |
Asus Rt-ac1200g | | |
Asus Rt-ac1200ge | | |
Asus Rt-ac1750 | | |
Asus Rt-ac1750 B1 | | |
ASUS RT-AC1900P | | |
Asus Rt-ac3100 | | |
ASUS RT-AC3200 | | |
ASUS RT-AC51U | | |
Asus Rt-ac5300 | | |
Asus Rt-ac55u | | |
Asus Rt-ac56r | | |
Asus Rt-ac56s | | |
Asus Rt-ac56u | | |
Asus Rt-ac66r | | |
ASUS RT-AC66U | | |
Asus Rt-ac66u-b1 | | |
ASUS RT-AC66U B1 | | |
Asus Rt-ac68p | | |
ASUS RT-AC68U | | |
ASUS RT-AC86U | | |
ASUS RT-AC87U | | |
Asus Rt-ac88u | | |
Asus Rt-acrh12 | | |
Asus Rt-acrh13 | | |
ASUS RT-AX3000 | | |
ASUS RT-AX56U | | |
Asus Rt-ax58u | | |
ASUS RT-AX88U | | |
ASUS RT-AX92U | | |
ASUS RT-G32 | | |
Asus Rt-n10+d1 | | |
ASUS RT-N10E | | |
Asus Rt-n14u | | |
Asus Rt-n16 | | |
Asus Rt-n19 | | |
Asus Rt-n56r | | |
ASUS RT-N56U | | |
Asus Rt-n600 | | |
Asus Rt-n65u | | |
Asus Rt-n66r | | |
Asus Rt-n66u | | |
CVE-2018-20334 is an issue discovered in ASUSWRT 3.0.0.4.384.20308 that allows command injection via shell metacharacters.
CVE-2018-20334 has a severity rating of 9.8 (critical).
ASUSWRT version 3.0.0.4.384.20308 is affected by CVE-2018-20334.
An attacker can exploit CVE-2018-20334 by using shell metacharacters in the fb_email parameter to execute arbitrary commands, gaining control of the router and shell access.
You can find more information about CVE-2018-20334 at the following link: https://starlabs.sg/advisories/18-20334/