
CVE-2018-20334

 

  • Severity Score: 9.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By exploiting this issue, an attacker can take control of the router and obtain a shell.

*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-12-21 CVE Reserved
  • 2020-03-20 CVE Published
  • 2023-11-17 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
  • https://starlabs.sg/advisories/18-20334 (2024-08-05)
Affected Vendors, Products, and Versions
Asus Asuswrt 3.0.0.4.384.20308 is listed as Affected when running in each of the following Asus products (each product is itself listed as Safe):
  • Gt-ac2900
  • Gt-ac5300
  • Gt-ax11000
  • Rt-ac1200
  • Rt-ac1200 V2
  • Rt-ac1200g
  • Rt-ac1200ge
  • Rt-ac1750
  • Rt-ac1750 B1
  • Rt-ac1900p
  • Rt-ac3100
  • Rt-ac3200
  • Rt-ac51u
  • Rt-ac5300
  • Rt-ac55u
  • Rt-ac56r
  • Rt-ac56s
  • Rt-ac56u
  • Rt-ac66r
  • Rt-ac66u
  • Rt-ac66u-b1
  • Rt-ac66u B1
  • Rt-ac68p
  • Rt-ac68u
  • Rt-ac86u
  • Rt-ac87u
  • Rt-ac88u
  • Rt-acrh12
  • Rt-acrh13
  • Rt-ax3000
  • Rt-ax56u
  • Rt-ax58u
  • Rt-ax88u
  • Rt-ax92u
  • Rt-g32
  • Rt-n10\+d1
  • Rt-n10e
  • Rt-n14u
  • Rt-n16
  • Rt-n19
  • Rt-n56r
  • Rt-n56u
  • Rt-n600
  • Rt-n65u
  • Rt-n66r
  • Rt-n66u