CVE-2013-5948
Asus RT56U 3.0.0.4.360 - Remote Command Injection
Severity Score
8.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
La etiqueta Network Analysis (Main_Analysis_Content.asp) en los routers ASUS RT-AC68U y otros series RT con firmware anterior a 3.0.0.4.374.5047 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en el campo Target ( parámetro destIP).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-07 First Exploit
- 2013-09-27 CVE Reserved
- 2014-04-21 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2014/Apr/59 | Mailing List |
|
| http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29 | X_refsource_confirm | |
| https://support.t-mobile.com/docs/DOC-21994 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/25998 | 2013-06-07 | |
| http://seclists.org/fulldisclosure/2014/Apr/66 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asus Search vendor "Asus" | Rt-ac68u Firmware Search vendor "Asus" for product "Rt-ac68u Firmware" | 3.0.0.4.374.4755 Search vendor "Asus" for product "Rt-ac68u Firmware" and version "3.0.0.4.374.4755" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac68u Search vendor "Asus" for product "Rt-ac68u" | - | - |
Affected
|
| Asus Search vendor "Asus" | Rt-ac68u Firmware Search vendor "Asus" for product "Rt-ac68u Firmware" | 3.0.0.4.374_4561 Search vendor "Asus" for product "Rt-ac68u Firmware" and version "3.0.0.4.374_4561" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac68u Search vendor "Asus" for product "Rt-ac68u" | - | - |
Affected
|
| Asus Search vendor "Asus" | Rt-ac68u Firmware Search vendor "Asus" for product "Rt-ac68u Firmware" | 3.0.0.4.374_4887 Search vendor "Asus" for product "Rt-ac68u Firmware" and version "3.0.0.4.374_4887" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac68u Search vendor "Asus" for product "Rt-ac68u" | - | - |
Affected
|
| T-mobile Search vendor "T-mobile" | Tm-ac1900 Search vendor "T-mobile" for product "Tm-ac1900" | 3.0.0.4.376_3169 Search vendor "T-mobile" for product "Tm-ac1900" and version "3.0.0.4.376_3169" | - |
Affected
| ||||||