← Back

CVE-2018-9285

nvd nist
Published: Apr 4, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.

Affected (11)

Asus
11 products
Rt Ac66u Firmware
Rt Ac68u Firmware
Rt Ac86u Firmware
Rt Ac88u Firmware
Rt Ac1900 Firmware
Rt Ac2900 Firmware
Rt Ac3100 Firmware
Rt N18u Firmware
Rt Ac87u Firmware
Rt Ac3200 Firmware
Rt Ac5300 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac66u Firmware
Before 3.0.0.4.384.10007
Running on/withPlatform Versions
Asus
Rt Ac66u
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac68u Firmware
Before 3.0.0.4.384.10007
Running on/withPlatform Versions
Asus
Rt Ac68u
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac86u Firmware
Before 3.0.0.4.384.10007
Running on/withPlatform Versions
Asus
Rt Ac86u
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac88u Firmware
Before 3.0.0.4.384.10007
Running on/withPlatform Versions
Asus
Rt Ac88u
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac1900 Firmware
Before 3.0.0.4.384.10007
Running on/withPlatform Versions
Asus
Rt Ac1900
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac2900 Firmware
Before 3.0.0.4.384.10007
Running on/withPlatform Versions
Asus
Rt Ac2900
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac3100 Firmware
Before 3.0.0.4.384.10007
Running on/withPlatform Versions
Asus
Rt Ac3100
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N18u Firmware
Before 3.0.0.4.382.39935
Running on/withPlatform Versions
Asus
Rt N18u
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac87u Firmware
Before 3.0.0.4.382.50010
Running on/withPlatform Versions
Asus
Rt Ac87u
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac3200 Firmware
Before 3.0.0.4.382.50010
Running on/withPlatform Versions
Asus
Rt Ac3200
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac5300 Firmware
Before 3.0.0.4.384.20287
Running on/withPlatform Versions
Asus
Rt Ac5300
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.