7.8
CWE
20
Advisory Published
Updated

CVE-2018-20335: Input Validation

First published: Fri Mar 20 2020(Updated: )

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Asus asuswrt=3.0.0.4.384.20308
ASUS GT-AC2900
ASUS GT-AC5300
Asus Gt-ax11000
Asus Rt-ac1200
Asus Rt-ac1200 V2
Asus Rt-ac1200g
Asus Rt-ac1200ge
Asus Rt-ac1750
Asus Rt-ac1750 B1
ASUS RT-AC1900P
Asus Rt-ac3100
ASUS RT-AC3200
ASUS RT-AC51U
Asus Rt-ac5300
Asus Rt-ac55u
Asus Rt-ac56r
Asus Rt-ac56s
Asus Rt-ac56u
Asus Rt-ac66r
ASUS RT-AC66U
Asus Rt-ac66u-b1
ASUS RT-AC66U B1
Asus Rt-ac68p
ASUS RT-AC68U
ASUS RT-AC86U
ASUS RT-AC87U
Asus Rt-ac88u
Asus Rt-acrh12
Asus Rt-acrh13
ASUS RT-AX3000
ASUS RT-AX56U
Asus Rt-ax58u
ASUS RT-AX88U
ASUS RT-AX92U
ASUS RT-G32
Asus Rt-n10\+d1
ASUS RT-N10E
Asus Rt-n14u
Asus Rt-n16
Asus Rt-n19
Asus Rt-n56r
ASUS RT-N56U
Asus Rt-n600
Asus Rt-n65u
Asus Rt-n66r
Asus Rt-n66u

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID?

    The vulnerability ID is CVE-2018-20335.

  • What is the severity of CVE-2018-20335?

    The severity of CVE-2018-20335 is high, with a severity value of 7.5.

  • What does CVE-2018-20335 affect?

    CVE-2018-20335 affects ASUSWRT version 3.0.0.4.384.20308.

  • What is the impact of CVE-2018-20335?

    CVE-2018-20335 allows an unauthenticated user to trigger a Denial of Service (DoS) attack on the httpd service.

  • Is there a fix for CVE-2018-20335?

    The fix for CVE-2018-20335 may be provided by ASUS in a software update. It is recommended to check for updates from ASUS and apply them accordingly.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203