CVE-2018-15887
https://notcve.org/view.php?id=CVE-2018-15887
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. Main_Analysis_Content.asp en ASUS DSL-N12E_C1 1.1.2.3_345 es propenso a una ejecución remota autenticada de comandos, lo que permite que un atacante remoto ejecute comandos arbitrarios del sistema operativo mediante parámetros del servicio, como metacaracteres shell en el parámetro destIP de una petición cmdMethod=ping. • https://fakhrizulkifli.github.io/CVE-2018-15887.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •