CVE-2018-20334
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
Se detectó un problema en ASUSWRT versión 3.0.0.4.384.20308. Al procesar los datos POST del archivo /start_apply.htm, se presenta un problema de inyección de comandos por medio de metacaracteres de shell en el parámetro fb_email. Al usar este problema, un atacante puede controlar el enrutador y conseguir la shell.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-21 CVE Reserved
- 2020-03-20 CVE Published
- 2023-11-17 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://starlabs.sg/advisories/18-20334 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ac2900 Search vendor "Asus" for product "Gt-ac2900" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ac5300 Search vendor "Asus" for product "Gt-ac5300" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Gt-ax11000 Search vendor "Asus" for product "Gt-ax11000" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac1200 Search vendor "Asus" for product "Rt-ac1200" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac1200 V2 Search vendor "Asus" for product "Rt-ac1200 V2" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac1200g Search vendor "Asus" for product "Rt-ac1200g" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac1200ge Search vendor "Asus" for product "Rt-ac1200ge" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac1750 Search vendor "Asus" for product "Rt-ac1750" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac1750 B1 Search vendor "Asus" for product "Rt-ac1750 B1" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac1900p Search vendor "Asus" for product "Rt-ac1900p" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac3100 Search vendor "Asus" for product "Rt-ac3100" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac3200 Search vendor "Asus" for product "Rt-ac3200" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac51u Search vendor "Asus" for product "Rt-ac51u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac5300 Search vendor "Asus" for product "Rt-ac5300" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac55u Search vendor "Asus" for product "Rt-ac55u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac56r Search vendor "Asus" for product "Rt-ac56r" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac56s Search vendor "Asus" for product "Rt-ac56s" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac56u Search vendor "Asus" for product "Rt-ac56u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac66r Search vendor "Asus" for product "Rt-ac66r" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac66u Search vendor "Asus" for product "Rt-ac66u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac66u-b1 Search vendor "Asus" for product "Rt-ac66u-b1" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac66u B1 Search vendor "Asus" for product "Rt-ac66u B1" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac68p Search vendor "Asus" for product "Rt-ac68p" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac68u Search vendor "Asus" for product "Rt-ac68u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac86u Search vendor "Asus" for product "Rt-ac86u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac87u Search vendor "Asus" for product "Rt-ac87u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac88u Search vendor "Asus" for product "Rt-ac88u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-acrh12 Search vendor "Asus" for product "Rt-acrh12" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-acrh13 Search vendor "Asus" for product "Rt-acrh13" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax3000 Search vendor "Asus" for product "Rt-ax3000" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax56u Search vendor "Asus" for product "Rt-ax56u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax58u Search vendor "Asus" for product "Rt-ax58u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax88u Search vendor "Asus" for product "Rt-ax88u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax92u Search vendor "Asus" for product "Rt-ax92u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-g32 Search vendor "Asus" for product "Rt-g32" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n10\+d1 Search vendor "Asus" for product "Rt-n10\+d1" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n10e Search vendor "Asus" for product "Rt-n10e" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n14u Search vendor "Asus" for product "Rt-n14u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n16 Search vendor "Asus" for product "Rt-n16" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n19 Search vendor "Asus" for product "Rt-n19" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n56r Search vendor "Asus" for product "Rt-n56r" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n56u Search vendor "Asus" for product "Rt-n56u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n600 Search vendor "Asus" for product "Rt-n600" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n65u Search vendor "Asus" for product "Rt-n65u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n66r Search vendor "Asus" for product "Rt-n66r" | - | - |
Safe
|
| Asus Search vendor "Asus" | Asuswrt Search vendor "Asus" for product "Asuswrt" | 3.0.0.4.384.20308 Search vendor "Asus" for product "Asuswrt" and version "3.0.0.4.384.20308" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n66u Search vendor "Asus" for product "Rt-n66u" | - | - |
Safe
|