CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8877
https://notcve.org/view.php?id=CVE-2018-8877
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. Una divulgación de información en Asuswrt-Merlin firmware para dispositivos ASUS versiones de firmware anteriores a 384.4 y ASUS versiones de firmware anteriores a 3.0.0.4.382.50470, para dispositivos permite a atacantes remotos adquirir información sobre los rangos de direcciones IP de la red interna al leer la variable new_lan_ip en la página error_page.htm. • https://github.com/outofhere/Research/blob/master/2018/Asus/cve_notes.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-20336
https://notcve.org/view.php?id=CVE-2018-20336
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak. Se detectó un problema en ASUSWRT versión 3.0.0.4.384.20308. Se presenta un problema de desbordamiento del búfer en la región stack de la memoria en la función parse_req_queries en el archivo wanduck.c mediante una cadena larga sobre UDP, lo que puede conllevar a una fuga de información. • https://starlabs.sg/advisories/18-20336 https://www.asus.com/Networking/RT-AC1200G-plus/HelpDesk_BIOS • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 25%CPEs: 1EXPL: 5CVE-2018-5999 – AsusWRT LAN - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-5999
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. Se ha descubierto un problema en versiones anteriores a la 3.0.0.4.384_10007 de AsusWRT. En la función handle_request en router/httpd/httpd.c, el procesamiento de peticiones POST continúa incluso aunque falle la autenticación. AsusWRT Router versions prior to 3.0.0.4.380.7743 suffer from an unauthenticated LAN remote code execution vulnerability. • https://www.exploit-db.com/exploits/44176 https://www.exploit-db.com/exploits/43881 https://blogs.securiteam.com/index.php/archives/3589 https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb https://raw.githubusercontent.com/pedrib/PoC/master/advisories/asuswrt-lan-rce.txt https://seclists.org/fulldisclosure/2018/Jan/78 •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 5CVE-2018-6000 – AsusWRT LAN - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. Se ha descubierto un problema en versiones anteriores a la 3.0.0.4.384_10007 de AsusWRT. La función do_vpnupload_post en router/httpd/web.c en vpnupload.cgi proporciona funcionalidades para establecer valores de configuración NVRAM, lo que permite que atacantes establezcan la contraseña de administrador e inicien un demonio SSH (o permitan el modo de comandos infosvr) y, en consecuencia, obtengan acceso remoto administrativo mediante una petición manipulada. • https://www.exploit-db.com/exploits/44176 https://www.exploit-db.com/exploits/43881 https://blogs.securiteam.com/index.php/archives/3589 https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb https://raw.githubusercontent.com/pedrib/PoC/master/advisories/asuswrt-lan-rce.txt https://seclists.org/fulldisclosure/2018/Jan/78 • CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15654 – ASUSWRT 3.0.0.4.382.18495 Session Hijacking / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. Los tokens de sesión altamente predecibles en el servidor HTTPd en todas las versiones actuales (iguales o inferiores a 3.0.0.4.380.7743) de Asus asuswrt permiten obtener acceso administrativo al router. ASUSWRT versions 3.0.0.4.382.18495 and below suffer from predictable session tokens, failed IP validation, plain text password storage, and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html http://seclists.org/fulldisclosure/2018/Jan/63 • CWE-330: Use of Insufficiently Random Values •