CVE-2018-9285
ASUS TM-AC1900 Arbitrary Command Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
Main_Analysis_Content.asp en /apply.cgi en dispositivos ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900 y en dispositivos RT-AC3100 en versiones anteriores a la 3.0.0.4.384_10007; dispositivos RT-N18U en versiones anteriores a la 3.0.0.4.382.39935; dispositivos RT-AC87U y RT-AC3200 en versiones anteriores a la 3.0.0.4.382.50010; y dispositivos RT-AC5300 en versiones anteriores a la 3.0.0.4.384.20287 permite la inyección de comandos del sistema operativo mediante los campos pingCNT y destIP de la variable SystemCmd.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-04-04 CVE Reserved
- 2018-04-04 CVE Published
- 2023-11-22 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Execution.html | X_refsource_misc | |
https://fortiguard.com/zeroday/FG-VD-17-216 | Third Party Advisory | |
https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Asus Search vendor "Asus" | Rt-ac66u Firmware Search vendor "Asus" for product "Rt-ac66u Firmware" | < 3.0.0.4.384.10007 Search vendor "Asus" for product "Rt-ac66u Firmware" and version " < 3.0.0.4.384.10007" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac66u Search vendor "Asus" for product "Rt-ac66u" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac68u Firmware Search vendor "Asus" for product "Rt-ac68u Firmware" | < 3.0.0.4.384.10007 Search vendor "Asus" for product "Rt-ac68u Firmware" and version " < 3.0.0.4.384.10007" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac68u Search vendor "Asus" for product "Rt-ac68u" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac86u Firmware Search vendor "Asus" for product "Rt-ac86u Firmware" | < 3.0.0.4.384.10007 Search vendor "Asus" for product "Rt-ac86u Firmware" and version " < 3.0.0.4.384.10007" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac86u Search vendor "Asus" for product "Rt-ac86u" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac88u Firmware Search vendor "Asus" for product "Rt-ac88u Firmware" | < 3.0.0.4.384.10007 Search vendor "Asus" for product "Rt-ac88u Firmware" and version " < 3.0.0.4.384.10007" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac88u Search vendor "Asus" for product "Rt-ac88u" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac1900 Firmware Search vendor "Asus" for product "Rt-ac1900 Firmware" | < 3.0.0.4.384.10007 Search vendor "Asus" for product "Rt-ac1900 Firmware" and version " < 3.0.0.4.384.10007" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac1900 Search vendor "Asus" for product "Rt-ac1900" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac2900 Firmware Search vendor "Asus" for product "Rt-ac2900 Firmware" | < 3.0.0.4.384.10007 Search vendor "Asus" for product "Rt-ac2900 Firmware" and version " < 3.0.0.4.384.10007" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac2900 Search vendor "Asus" for product "Rt-ac2900" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac3100 Firmware Search vendor "Asus" for product "Rt-ac3100 Firmware" | < 3.0.0.4.384.10007 Search vendor "Asus" for product "Rt-ac3100 Firmware" and version " < 3.0.0.4.384.10007" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac3100 Search vendor "Asus" for product "Rt-ac3100" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-n18u Firmware Search vendor "Asus" for product "Rt-n18u Firmware" | < 3.0.0.4.382.39935 Search vendor "Asus" for product "Rt-n18u Firmware" and version " < 3.0.0.4.382.39935" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-n18u Search vendor "Asus" for product "Rt-n18u" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac87u Firmware Search vendor "Asus" for product "Rt-ac87u Firmware" | < 3.0.0.4.382.50010 Search vendor "Asus" for product "Rt-ac87u Firmware" and version " < 3.0.0.4.382.50010" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac87u Search vendor "Asus" for product "Rt-ac87u" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac3200 Firmware Search vendor "Asus" for product "Rt-ac3200 Firmware" | < 3.0.0.4.382.50010 Search vendor "Asus" for product "Rt-ac3200 Firmware" and version " < 3.0.0.4.382.50010" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac3200 Search vendor "Asus" for product "Rt-ac3200" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac5300 Firmware Search vendor "Asus" for product "Rt-ac5300 Firmware" | < 3.0.0.4.384.20287 Search vendor "Asus" for product "Rt-ac5300 Firmware" and version " < 3.0.0.4.384.20287" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac5300 Search vendor "Asus" for product "Rt-ac5300" | - | - |
Safe
|