CWE: 78, 77

CVE-2018-20334: OS Command Injection

First published: Fri Mar 20 2020

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When the firmware processes the POST data sent to /start_apply.htm, shell metacharacters in the fb_email parameter lead to command injection. By exploiting this issue, an attacker can take control of the router and obtain a shell.

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
Asus asuswrt | =3.0.0.4.384.20308 |
ASUS GT-AC2900
ASUS GT-AC5300
Asus Gt-ax11000
Asus Rt-ac1200
Asus Rt-ac1200 V2
Asus Rt-ac1200g
Asus Rt-ac1200ge
Asus Rt-ac1750
Asus Rt-ac1750 B1
ASUS RT-AC1900P
Asus Rt-ac3100
ASUS RT-AC3200
ASUS RT-AC51U
Asus Rt-ac5300
Asus Rt-ac55u
Asus Rt-ac56r
Asus Rt-ac56s
Asus Rt-ac56u
Asus Rt-ac66r
ASUS RT-AC66U
Asus Rt-ac66u-b1
ASUS RT-AC66U B1
Asus Rt-ac68p
ASUS RT-AC68U
ASUS RT-AC86U
ASUS RT-AC87U
Asus Rt-ac88u
Asus Rt-acrh12
Asus Rt-acrh13
ASUS RT-AX3000
ASUS RT-AX56U
Asus Rt-ax58u
ASUS RT-AX88U
ASUS RT-AX92U
ASUS RT-G32
Asus Rt-n10+d1
ASUS RT-N10E
Asus Rt-n14u
Asus Rt-n16
Asus Rt-n19
Asus Rt-n56r
ASUS RT-N56U
Asus Rt-n600
Asus Rt-n65u
Asus Rt-n66r
Asus Rt-n66u

Frequently Asked Questions

  • What is CVE-2018-20334?

    CVE-2018-20334 is an issue discovered in ASUSWRT 3.0.0.4.384.20308 that allows command injection via shell metacharacters.

  • How severe is CVE-2018-20334?

    CVE-2018-20334 has a severity rating of 9.8 (critical).

  • Which software versions are affected by CVE-2018-20334?

    ASUSWRT version 3.0.0.4.384.20308 is affected by CVE-2018-20334.

  • How can an attacker exploit CVE-2018-20334?

    An attacker can exploit CVE-2018-20334 by placing shell metacharacters in the fb_email parameter to execute arbitrary commands, gain control of the router, and obtain shell access.

  • Where can I find more information about CVE-2018-20334?

    You can find more information about CVE-2018-20334 at the following link: https://starlabs.sg/advisories/18-20334/

© 2024 SecAlerts Pty Ltd.