critical
10
CWE
78 77
Advisory Published
Updated

CVE-2018-20334: OS Command Injection

First published: Fri Mar 20 2020(Updated: )

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Asus asuswrt=3.0.0.4.384.20308
ASUS ROG Rapture GT-AC2900
ASUS ROG Rapture GT-AC5300
ASUS GT-AX11000 Firmware
ASUS RT-AC1200G
ASUS RT-AC1200 v2
ASUS RT-AC1200G Firmware
ASUS RT-AC1200GE
ASUS RT-AC1750 firmware
ASUS RT-AC1750
ASUS RT-AC1900P Firmware
ASUS RT-AC3100
ASUS RT-AC3200 Firmware
ASUS RT-AC51U firmware
ASUS RT-AC5300 firmware
ASUS RT-AC55U
ASUS RT-AC56R Firmware
ASUS RT-AC56S
ASUS RT-AC56U Firmware
ASUS rt-ac66r firmware
ASUS RT-AC66U firmware
ASUS RT-AC66U B1
ASUS RT-AC66U firmware
ASUS RT-AC68P Firmware
ASUS RT-AC68R
ASUS RT-AC86U firmware
ASUS RT-AC87U
ASUS RT-AC88U Firmware
ASUS RT-ACRH12
ASUS RT-ACRH13 firmware
ASUS RT-AX3000
ASUS RT-AX56U firmware
ASUS RT-AX58U Firmware
ASUS RT-AX88U Firmware
ASUS RT-AX92U Firmware
ASUS RT-G32
Asus RT-N10+ D1 firmware
ASUS RT-N10E Firmware
ASUS RT-N14U firmware
ASUS RT-N16 firmware
ASUS RT-N19 Firmware
ASUS RT-N56R
ASUS RT-N56U firmware
ASUS RT-N600 firmware
ASUS RT-N65U Firmware
ASUS RT-N66R
ASUS RT-N66U Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2018-20334?

    CVE-2018-20334 is an issue discovered in ASUSWRT 3.0.0.4.384.20308 that allows command injection via shell metacharacters.

  • How severe is CVE-2018-20334?

    CVE-2018-20334 has a severity rating of 9.8 (critical).

  • Which software versions are affected by CVE-2018-20334?

    The ASUSWRT version 3.0.0.4.384.20308 is affected by CVE-2018-20334.

  • How can an attacker exploit CVE-2018-20334?

    An attacker can exploit CVE-2018-20334 by using shell metacharacters in the fb_email parameter to execute arbitrary commands and gain control of the router and obtain shell access.

  • Where can I find more information about CVE-2018-20334?

    You can find more information about CVE-2018-20334 at the following link: https://starlabs.sg/advisories/18-20334/

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203