// For flags

CVE-2018-15887

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.

Main_Analysis_Content.asp en ASUS DSL-N12E_C1 1.1.2.3_345 es propenso a una ejecución remota autenticada de comandos, lo que permite que un atacante remoto ejecute comandos arbitrarios del sistema operativo mediante parámetros del servicio, como metacaracteres shell en el parámetro destIP de una petición cmdMethod=ping.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-08-26 CVE Reserved
  • 2018-08-27 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-10-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Asus
Search vendor "Asus"
Dsl-n12e C1 Firmware
Search vendor "Asus" for product "Dsl-n12e C1 Firmware"
1.1.2.3_345
Search vendor "Asus" for product "Dsl-n12e C1 Firmware" and version "1.1.2.3_345"
-
Affected
in Asus
Search vendor "Asus"
Dsl-n12e C1
Search vendor "Asus" for product "Dsl-n12e C1"
--
Safe