CVSS: 10.0EPSS: 65%CPEs: 2EXPL: 4CVE-2018-14714 – ASUS RT-AC3200 3.0.0.4.382.50010 Command Injection
https://notcve.org/view.php?id=CVE-2018-14714
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter. La inyección de comandos de sistema en appGet.cgi en ASUS RT-AC3200 versión 3.0.0.4.382.50010, permite a atacantes ejecutar comandos del sistema mediante el parámetro de URL "load_script". • https://github.com/BTtea/CVE-2018-14714-RCE_exploit https://github.com/tin-z/CVE-2018-14714-POC https://github.com/sunn1day/CVE-2018-14714-POC https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8 •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-14713
https://notcve.org/view.php?id=CVE-2018-14713
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter. La vulnerabilidad de cadena de formato en appGet.cgi en ASUS RT-AC3200 versión 3.0.0.4.382.50010, permite a los atacantes leer secciones arbitrarias de memoria y registros de la CPU mediante el parámetro URL "hook". • https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-14712
https://notcve.org/view.php?id=CVE-2018-14712
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. Una vulnerabilidad de desbordamiento de búfer en appGet.cgi en ASUS RT-AC3200 versión 3.0.0.4.382.50010, permite a los atacantes inyectar comandos del sistema por medio del parámetro de URL "hook". • https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-14711
https://notcve.org/view.php?id=CVE-2018-14711
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs. Una vulnerabilidad en la falta la protección para cross-site request forgery en appGet.cgi en ASUS RT-AC3200 versión 3.0.0.4.382.50010, permite a los atacantes generar acciones de cambio de estado con URL especialmente creadas. • https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-14710
https://notcve.org/view.php?id=CVE-2018-14710
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter. Una vulnerabilidad de tipo Cross-site scripting en appGet.cgi en ASUS RT-AC3200 versión 3.0.0.4.382.50010, permiten a los atacantes ejecutar JavaScript mediante el parámetro URL "hook". • https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •