CVE-2018-20333

Published: Mar 20, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.

Affected (1)

Products: Asus: Asuswrt

Asus

1 product

Asuswrt

Configuration A

1 vulnerable · 46 platform

Vulnerable Software	Affected Versions
Asus Asuswrt	Version 3.0.0.4.384.20308

Running on/with	Platform Versions
Asus Gt Ac2900	All versions
Asus Gt Ac5300	All versions
Asus Gt Ax11000	All versions
Asus Rt Ac1200	All versions
Asus Rt Ac1200 V2	All versions
Asus Rt Ac1200g	All versions
Asus Rt Ac1200ge	All versions
Asus Rt Ac1750	All versions
Asus Rt Ac1750 B1	All versions
Asus Rt Ac1900p	All versions
Asus Rt Ac3100	All versions
Asus Rt Ac3200	All versions
Asus Rt Ac51u	All versions
Asus Rt Ac5300	All versions
Asus Rt Ac55u	All versions
Asus Rt Ac56r	All versions
Asus Rt Ac56s	All versions
Asus Rt Ac56u	All versions
Asus Rt Ac66r	All versions
Asus Rt Ac66u	All versions
Asus Rt Ac66u B1	All versions
Asus Rt Ac66u B1	All versions
Asus Rt Ac68p	All versions
Asus Rt Ac68u	All versions
Asus Rt Ac86u	All versions
Asus Rt Ac87u	All versions
Asus Rt Ac88u	All versions
Asus Rt Acrh12	All versions
Asus Rt Acrh13	All versions
Asus Rt Ax3000	All versions
Asus Rt Ax56u	All versions
Asus Rt Ax58u	All versions
Asus Rt Ax88u	All versions
Asus Rt Ax92u	All versions
Asus Rt G32	All versions
Asus Rt N10+d1	All versions
Asus Rt N10e	All versions
Asus Rt N14u	All versions
Asus Rt N16	All versions
Asus Rt N19	All versions
Asus Rt N56r	All versions
Asus Rt N56u	All versions
Asus Rt N600	All versions
Asus Rt N65u	All versions
Asus Rt N66r	All versions
Asus Rt N66u	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://starlabs.sg/advisories/18-20333/

Source: cve@mitre.org

ExploitThird Party Advisory

https://starlabs.sg/advisories/18-20333/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.