Search criteria
40 vulnerabilities found for asuswrt by asus
VAR-202207-2002
Vulnerability from variot - Updated: 2023-12-18 13:46A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. ASUSTeK Computer Inc. of ASUSWRT Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ASUS Asuswrt-Merlin is a firmware running in the routers of ASUS Corporation of Taiwan, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-2002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_49380"
},
{
"model": "tuf-ax3000 v2",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48750"
},
{
"model": "asuswrt",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48706"
},
{
"model": "gt-ax11000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_49559"
},
{
"model": "xt12",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48823"
},
{
"model": "xd6",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_49356"
},
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_49559"
},
{
"model": "gt-axe16000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48786"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_49559"
},
{
"model": "new gen",
"scope": "lt",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "386.7"
},
{
"model": "gt-ax6000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48823"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48908"
},
{
"model": "et12",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48823"
},
{
"model": "xd4",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48790"
},
{
"model": "xt9",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.388_20027"
},
{
"model": "xt8",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48706"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_49479"
},
{
"model": "gt-ax11000 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_48996"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386_49447"
},
{
"model": "gt-ax11000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "xt8",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "et12",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "xd6",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "xt12",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "new gen",
"scope": null,
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": null
},
{
"model": "gt-ax11000 pro",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "xt9",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "gt-ax6000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "gt-axe16000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "asuswrt",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "xd4",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax68u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax55",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "tuf-ax3000 v2",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax58u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"db": "NVD",
"id": "CVE-2022-26376"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asuswrt-merlin:new_gen:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "386.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:xt8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:xt8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:tuf-ax3000_v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48750",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:tuf-ax3000_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:xd4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48790",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:xd4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:et12_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48823",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:et12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:gt-ax6000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48823",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ax6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:xt12_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48823",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:xt12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48908",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:xt9_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.388_20027",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:xt9:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:xd6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_49356",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:xd6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:gt-ax11000_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48996",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ax11000_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:gt-axe16000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_48786",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:gt-axe16000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_49447",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:rt-ax68u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_49479",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:rt-ax82u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_49380",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:rt-ax56u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_49559",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_49559",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:gt-ax11000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.386_49559",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26376"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
],
"trust": 0.6
},
"cve": "CVE-2022-26376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26376",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26376",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-26376",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-2567",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"db": "NVD",
"id": "CVE-2022-26376"
},
{
"db": "NVD",
"id": "CVE-2022-26376"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. ASUSTeK Computer Inc. of ASUSWRT Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ASUS Asuswrt-Merlin is a firmware running in the routers of ASUS Corporation of Taiwan, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26376"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"db": "VULHUB",
"id": "VHN-419844"
},
{
"db": "VULMON",
"id": "CVE-2022-26376"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26376",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2022-1511",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014335",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2567",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-419844",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26376",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419844"
},
{
"db": "VULMON",
"id": "CVE-2022-26376"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"db": "NVD",
"id": "CVE-2022-26376"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
]
},
"id": "VAR-202207-2002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419844"
}
],
"trust": 0.6533004960000001
},
"last_update_date": "2023-12-18T13:46:33.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUS Asuswrt-Merlin Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=203947"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419844"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"db": "NVD",
"id": "CVE-2022-26376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1511"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26376"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26376/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419844"
},
{
"db": "VULMON",
"id": "CVE-2022-26376"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"db": "NVD",
"id": "CVE-2022-26376"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419844"
},
{
"db": "VULMON",
"id": "CVE-2022-26376"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"db": "NVD",
"id": "CVE-2022-26376"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-419844"
},
{
"date": "2022-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26376"
},
{
"date": "2023-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"date": "2022-08-05T22:15:11.143000",
"db": "NVD",
"id": "CVE-2022-26376"
},
{
"date": "2022-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-419844"
},
{
"date": "2022-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26376"
},
{
"date": "2023-09-15T08:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-014335"
},
{
"date": "2022-12-02T20:08:05.937000",
"db": "NVD",
"id": "CVE-2022-26376"
},
{
"date": "2022-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSTeK\u00a0Computer\u00a0Inc.\u00a0 of \u00a0ASUSWRT\u00a0 Out-of-Bounds Write Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014335"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2567"
}
],
"trust": 0.6
}
}
VAR-202003-1275
Vulnerability from variot - Updated: 2023-12-18 13:28An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. ASUSWRT There is an information leakage vulnerability in.Information may be obtained. ASUSWRT is a firmware that runs in its router from Taiwan's ASUS Corporation (ASUS).
ASUSWRT 3.0.0.4.384.20308 has a security hole
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.384.20308"
},
{
"model": "asuswrt",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.384.20308"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"db": "NVD",
"id": "CVE-2018-20333"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20333"
}
]
},
"cve": "CVE-2018-20333",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016241",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19211",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016241",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20333",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2018-016241",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19211",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1247",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"db": "NVD",
"id": "CVE-2018-20333"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router. ASUSWRT There is an information leakage vulnerability in.Information may be obtained. ASUSWRT is a firmware that runs in its router from Taiwan\u0027s ASUS Corporation (ASUS). \n\r\n\r\nASUSWRT 3.0.0.4.384.20308 has a security hole",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"db": "CNVD",
"id": "CNVD-2020-19211"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20333",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016241",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-19211",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1247",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"db": "NVD",
"id": "CVE-2018-20333"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
]
},
"id": "VAR-202003-1275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
}
],
"trust": 1.2166667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
}
]
},
"last_update_date": "2023-12-18T13:28:11.587000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asus.com/us/"
},
{
"title": "Patch for ASUSWRT information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/210713"
},
{
"title": "ASUSWRT Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112731"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"db": "NVD",
"id": "CVE-2018-20333"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://starlabs.sg/advisories/18-20333/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20333"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20333"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"db": "NVD",
"id": "CVE-2018-20333"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"db": "NVD",
"id": "CVE-2018-20333"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"date": "2020-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"date": "2020-03-20T01:15:22.267000",
"db": "NVD",
"id": "CVE-2018-20333"
},
{
"date": "2020-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"date": "2020-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016241"
},
{
"date": "2020-03-23T21:51:31.700000",
"db": "NVD",
"id": "CVE-2018-20333"
},
{
"date": "2020-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSWRT information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19211"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1247"
}
],
"trust": 0.6
}
}
VAR-202003-1277
Vulnerability from variot - Updated: 2023-12-18 13:18An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. ASUSWRT There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. ASUSWRT is a firmware that runs in its router from Taiwan's ASUS Corporation (ASUS).
ASUSWRT 3.0.0.4.384.20308 has a security hole. An attacker can use this vulnerability to cause a denial of service with the help of /APP_Installation.asp?= URI
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.384.20308"
},
{
"model": "asuswrt",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.384.20308"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"db": "NVD",
"id": "CVE-2018-20335"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20335"
}
]
},
"cve": "CVE-2018-20335",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-016242",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19209",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20335",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-016242",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20335",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2018-016242",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-19209",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1244",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-20335",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"db": "VULMON",
"id": "CVE-2018-20335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"db": "NVD",
"id": "CVE-2018-20335"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI. ASUSWRT There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. ASUSWRT is a firmware that runs in its router from Taiwan\u0027s ASUS Corporation (ASUS). \n\r\n\r\nASUSWRT 3.0.0.4.384.20308 has a security hole. An attacker can use this vulnerability to cause a denial of service with the help of /APP_Installation.asp?= URI",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"db": "VULMON",
"id": "CVE-2018-20335"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20335",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016242",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-19209",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1244",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-20335",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"db": "VULMON",
"id": "CVE-2018-20335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"db": "NVD",
"id": "CVE-2018-20335"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
]
},
"id": "VAR-202003-1277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19209"
}
],
"trust": 1.2166667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19209"
}
]
},
"last_update_date": "2023-12-18T13:18:20.914000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT",
"trust": 0.8,
"url": "https://www.asus.com/us/asuswrt/"
},
{
"title": "Patch for ASUSWRT has an unknown vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/210719"
},
{
"title": "ASUSWRT Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112728"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"db": "NVD",
"id": "CVE-2018-20335"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://starlabs.sg/advisories/18-20335/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20335"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20335"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"db": "VULMON",
"id": "CVE-2018-20335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"db": "NVD",
"id": "CVE-2018-20335"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"db": "VULMON",
"id": "CVE-2018-20335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"db": "NVD",
"id": "CVE-2018-20335"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"date": "2020-03-20T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20335"
},
{
"date": "2020-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"date": "2020-03-20T01:15:22.453000",
"db": "NVD",
"id": "CVE-2018-20335"
},
{
"date": "2020-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19209"
},
{
"date": "2020-03-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20335"
},
{
"date": "2020-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016242"
},
{
"date": "2020-03-24T16:22:43.537000",
"db": "NVD",
"id": "CVE-2018-20335"
},
{
"date": "2020-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSWRT Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016242"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1244"
}
],
"trust": 0.6
}
}
VAR-201801-0537
Vulnerability from variot - Updated: 2023-12-18 13:02Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. Asus asuswrt Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. An attacker could exploit the vulnerability to remotely execute code with administrator privileges. HTTPd server is one of the HTTP servers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0537",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.378"
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.376.x"
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.376.x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.378",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blazej Adamczyk",
"sources": [
{
"db": "PACKETSTORM",
"id": "145921"
}
],
"trust": 0.1
},
"cve": "CVE-2017-15655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-15655",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-02920",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-106499",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.6,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-15655",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-15655",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-02920",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1109",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-106499",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version \u003c=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. Asus asuswrt Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. An attacker could exploit the vulnerability to remotely execute code with administrator privileges. HTTPd server is one of the HTTP servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15655"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15655",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "145921",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-02920",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-106499",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
]
},
"id": "VAR-201801-0537",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
}
],
"trust": 1.3166666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
}
]
},
"last_update_date": "2023-12-18T13:02:49.078000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT",
"trust": 0.8,
"url": "https://www.asus.com/asuswrt/"
},
{
"title": "Patch for Asusasuswrt Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/115867"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2018/jan/63"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/145921/asuswrt-3.0.0.4.382.18495-session-hijacking-information-disclosure.html"
},
{
"trust": 1.7,
"url": "http://sploit.tech/2018/01/16/asus-part-i.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15655"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15653"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"date": "2018-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-106499"
},
{
"date": "2018-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"date": "2018-01-16T04:44:44",
"db": "PACKETSTORM",
"id": "145921"
},
{
"date": "2018-01-31T20:29:00.350000",
"db": "NVD",
"id": "CVE-2017-15655"
},
{
"date": "2017-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"date": "2018-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-106499"
},
{
"date": "2018-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"date": "2018-02-21T15:45:01.707000",
"db": "NVD",
"id": "CVE-2017-15655"
},
{
"date": "2018-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asus asuswrt Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
],
"trust": 0.6
}
}
VAR-201801-0538
Vulnerability from variot - Updated: 2023-12-18 13:02Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. Asus asuswrt Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. A plaintext password storage vulnerability exists in Asusasuswrt 3.0.0.4.380.7743 and earlier. An attacker could exploit the vulnerability to obtain password information. HTTPd server is one of the HTTP servers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0538",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.380.7743"
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.7743"
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.380.7743"
},
{
"model": "asuswrt",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.7743"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"db": "NVD",
"id": "CVE-2017-15656"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.4.380.7743",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blazej Adamczyk",
"sources": [
{
"db": "PACKETSTORM",
"id": "145921"
}
],
"trust": 0.1
},
"cve": "CVE-2017-15656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-15656",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-02921",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-106500",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-15656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-15656",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-02921",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1108",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-106500",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"db": "VULHUB",
"id": "VHN-106500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"db": "NVD",
"id": "CVE-2017-15656"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Password are stored in plaintext in nvram in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt. Asus asuswrt Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. A plaintext password storage vulnerability exists in Asusasuswrt 3.0.0.4.380.7743 and earlier. An attacker could exploit the vulnerability to obtain password information. HTTPd server is one of the HTTP servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15656"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"db": "VULHUB",
"id": "VHN-106500"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15656",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "145921",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012292",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1108",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-02921",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-106500",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"db": "VULHUB",
"id": "VHN-106500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15656"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
]
},
"id": "VAR-201801-0538",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"db": "VULHUB",
"id": "VHN-106500"
}
],
"trust": 1.3166666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02921"
}
]
},
"last_update_date": "2023-12-18T13:02:49.047000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT",
"trust": 0.8,
"url": "https://www.asus.com/asuswrt/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"db": "NVD",
"id": "CVE-2017-15656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2018/jan/63"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/145921/asuswrt-3.0.0.4.382.18495-session-hijacking-information-disclosure.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15656"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15655"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15653"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"db": "VULHUB",
"id": "VHN-106500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15656"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"db": "VULHUB",
"id": "VHN-106500"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15656"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"date": "2018-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-106500"
},
{
"date": "2018-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"date": "2018-01-16T04:44:44",
"db": "PACKETSTORM",
"id": "145921"
},
{
"date": "2018-01-31T20:29:00.413000",
"db": "NVD",
"id": "CVE-2017-15656"
},
{
"date": "2017-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02921"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-106500"
},
{
"date": "2018-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012292"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-15656"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asus asuswrt Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012292"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1108"
}
],
"trust": 0.6
}
}
VAR-201801-0536
Vulnerability from variot - Updated: 2023-12-18 13:02Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. Asus asuswrt Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. An attacker could exploit this vulnerability to gain access to the router administrator. HTTPd server is one of the HTTP servers. The vulnerability is caused by the program generating easily guessable session tokens
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0536",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.380.7743"
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.380.7743"
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.380.7743"
},
{
"model": "asuswrt",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.7743"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"db": "NVD",
"id": "CVE-2017-15654"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.4.380.7743",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15654"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blazej Adamczyk",
"sources": [
{
"db": "PACKETSTORM",
"id": "145921"
}
],
"trust": 0.1
},
"cve": "CVE-2017-15654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-15654",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-02919",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-106498",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-15654",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-15654",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-02919",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1110",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-106498",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"db": "VULHUB",
"id": "VHN-106498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"db": "NVD",
"id": "CVE-2017-15654"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Highly predictable session tokens in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. Asus asuswrt Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. An attacker could exploit this vulnerability to gain access to the router administrator. HTTPd server is one of the HTTP servers. The vulnerability is caused by the program generating easily guessable session tokens",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15654"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"db": "VULHUB",
"id": "VHN-106498"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15654",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "145921",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1110",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-02919",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-106498",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"db": "VULHUB",
"id": "VHN-106498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15654"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
]
},
"id": "VAR-201801-0536",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"db": "VULHUB",
"id": "VHN-106498"
}
],
"trust": 1.3166666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02919"
}
]
},
"last_update_date": "2023-12-18T13:02:49.110000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT",
"trust": 0.8,
"url": "https://www.asus.com/asuswrt/"
},
{
"title": "Asusasuswrt session token predictable vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/115869"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"db": "NVD",
"id": "CVE-2017-15654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2018/jan/63"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/145921/asuswrt-3.0.0.4.382.18495-session-hijacking-information-disclosure.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15654"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15655"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15653"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"db": "VULHUB",
"id": "VHN-106498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15654"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"db": "VULHUB",
"id": "VHN-106498"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15654"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"date": "2018-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-106498"
},
{
"date": "2018-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"date": "2018-01-16T04:44:44",
"db": "PACKETSTORM",
"id": "145921"
},
{
"date": "2018-01-31T20:29:00.290000",
"db": "NVD",
"id": "CVE-2017-15654"
},
{
"date": "2017-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02919"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-106498"
},
{
"date": "2018-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012290"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-15654"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asus asuswrt Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012290"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1110"
}
],
"trust": 0.6
}
}
VAR-201801-0535
Vulnerability from variot - Updated: 2023-12-18 13:02Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. ASUSWRT Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. The HTTPd server in Asusasuswrt 3.0.0.4.380.7743 and earlier has a login user IP verification vulnerability. An attacker who knows the session token can exploit the vulnerability to bypass the IP authentication mechanism and perform any action by sending a request with a special useragent. HTTPd server is one of the HTTP servers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0535",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.380.7743"
},
{
"model": "asuswrt",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.380.7743"
},
{
"model": "asuswrt",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.4.380.7743"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"db": "NVD",
"id": "CVE-2017-15653"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:asus:asuswrt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.4.380.7743",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15653"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blazej Adamczyk",
"sources": [
{
"db": "PACKETSTORM",
"id": "145921"
}
],
"trust": 0.1
},
"cve": "CVE-2017-15653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-15653",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-02918",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-106497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-15653",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-15653",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-02918",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1111",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-106497",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-15653",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"db": "VULHUB",
"id": "VHN-106497"
},
{
"db": "VULMON",
"id": "CVE-2017-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"db": "NVD",
"id": "CVE-2017-15653"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper administrator IP validation after his login in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. ASUSWRT Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. The HTTPd server in Asusasuswrt 3.0.0.4.380.7743 and earlier has a login user IP verification vulnerability. An attacker who knows the session token can exploit the vulnerability to bypass the IP authentication mechanism and perform any action by sending a request with a special useragent. HTTPd server is one of the HTTP servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"db": "VULHUB",
"id": "VHN-106497"
},
{
"db": "VULMON",
"id": "CVE-2017-15653"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15653",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "145921",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1111",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-02918",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-106497",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-15653",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"db": "VULHUB",
"id": "VHN-106497"
},
{
"db": "VULMON",
"id": "CVE-2017-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15653"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
]
},
"id": "VAR-201801-0535",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"db": "VULHUB",
"id": "VHN-106497"
}
],
"trust": 1.3166666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02918"
}
]
},
"last_update_date": "2023-12-18T13:02:49.012000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT",
"trust": 0.8,
"url": "https://www.asus.com/asuswrt/"
},
{
"title": "Asusasuswrt login user IP verification vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/115871"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aoeii/asuswrt-for-tenda-ac9-router "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"db": "VULMON",
"id": "CVE-2017-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-613",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106497"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"db": "NVD",
"id": "CVE-2017-15653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2018/jan/63"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/145921/asuswrt-3.0.0.4.382.18495-session-hijacking-information-disclosure.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15653"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15655"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"db": "VULHUB",
"id": "VHN-106497"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15653"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"db": "VULHUB",
"id": "VHN-106497"
},
{
"db": "VULMON",
"id": "CVE-2017-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "NVD",
"id": "CVE-2017-15653"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"date": "2018-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-106497"
},
{
"date": "2018-01-31T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15653"
},
{
"date": "2018-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"date": "2018-01-16T04:44:44",
"db": "PACKETSTORM",
"id": "145921"
},
{
"date": "2018-01-31T20:29:00.227000",
"db": "NVD",
"id": "CVE-2017-15653"
},
{
"date": "2017-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02918"
},
{
"date": "2018-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-106497"
},
{
"date": "2018-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15653"
},
{
"date": "2018-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012488"
},
{
"date": "2018-02-27T18:31:57.083000",
"db": "NVD",
"id": "CVE-2017-15653"
},
{
"date": "2018-02-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSWRT Session expiration vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012488"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1111"
}
],
"trust": 0.6
}
}
VAR-201801-1394
Vulnerability from variot - Updated: 2023-12-18 12:44An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. AsusWRT Contains a vulnerability related to configuration settings.CVE-2018-5999 Information is obtained, information is tampered with, and service operation is disrupted by exploiting it together with vulnerabilities (DoS) There is a possibility of being put into a state. ASUS AsusWRT is a router operating system developed by ASUS. There is a security vulnerability in the 'do_vpnupload_post' function of the router/httpd/web.c file in the vpnupload.cgi file in ASUS AsusWRT versions earlier than 3.0.0.4.384_10007
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1394",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384_10007"
},
{
"model": "asuswrt",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.384_10007"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"db": "NVD",
"id": "CVE-2018-6000"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.384_10007",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6000"
}
]
},
"cve": "CVE-2018-6000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-6000",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-136032",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6000",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6000",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-851",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136032",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-6000",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136032"
},
{
"db": "VULMON",
"id": "CVE-2018-6000"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"db": "NVD",
"id": "CVE-2018-6000"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. AsusWRT Contains a vulnerability related to configuration settings.CVE-2018-5999 Information is obtained, information is tampered with, and service operation is disrupted by exploiting it together with vulnerabilities (DoS) There is a possibility of being put into a state. ASUS AsusWRT is a router operating system developed by ASUS. There is a security vulnerability in the \u0027do_vpnupload_post\u0027 function of the router/httpd/web.c file in the vpnupload.cgi file in ASUS AsusWRT versions earlier than 3.0.0.4.384_10007",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6000"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"db": "VULHUB",
"id": "VHN-136032"
},
{
"db": "VULMON",
"id": "CVE-2018-6000"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44176",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-136032",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136032"
},
{
"db": "VULMON",
"id": "CVE-2018-6000"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6000",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "43881",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "44176",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001661",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-851",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-136032",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6000",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136032"
},
{
"db": "VULMON",
"id": "CVE-2018-6000"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"db": "NVD",
"id": "CVE-2018-6000"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
]
},
"id": "VAR-201801-1394",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-136032"
}
],
"trust": 0.7166667
},
"last_update_date": "2023-12-18T12:44:12.868000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT",
"trust": 0.8,
"url": "https://www.asus.com/asuswrt/"
},
{
"title": "ASUS AsusWRT Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78010"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/asus-patches-root-command-execution-flaws-haunting-over-a-dozen-router-models/129666/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-6000"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-16",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"db": "NVD",
"id": "CVE-2018-6000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://blogs.securiteam.com/index.php/archives/3589"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/44176/"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/43881/"
},
{
"trust": 1.8,
"url": "https://github.com/pedrib/poc/blob/master/advisories/asuswrt-lan-rce.txt"
},
{
"trust": 1.8,
"url": "https://raw.githubusercontent.com/pedrib/poc/master/exploits/metasploit/asuswrt_lan_rce.rb"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6000"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6000"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/linux/http/asuswrt_lan_rce"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136032"
},
{
"db": "VULMON",
"id": "CVE-2018-6000"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"db": "NVD",
"id": "CVE-2018-6000"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-136032"
},
{
"db": "VULMON",
"id": "CVE-2018-6000"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"db": "NVD",
"id": "CVE-2018-6000"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-136032"
},
{
"date": "2018-01-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6000"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"date": "2018-01-22T20:29:00.290000",
"db": "NVD",
"id": "CVE-2018-6000"
},
{
"date": "2018-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136032"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6000"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001661"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-6000"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AsusWRT Vulnerabilities in environment settings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001661"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-851"
}
],
"trust": 0.6
}
}
VAR-201801-1393
Vulnerability from variot - Updated: 2023-12-18 12:44An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. AsusWRT Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS AsusWRT is a router operating system developed by ASUS. There is a security vulnerability in the 'handle_request' function of the router/httpd/httpd.c file in ASUS AsusWRT versions earlier than 3.0.0.4.384_10007. An attacker can exploit this vulnerability to execute a POST request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1393",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384_10007"
},
{
"model": "asuswrt",
"scope": "lt",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.384_10007"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"db": "NVD",
"id": "CVE-2018-5999"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.384_10007",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5999"
}
]
},
"cve": "CVE-2018-5999",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-5999",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-136031",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-5999",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5999",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-852",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136031",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-5999",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136031"
},
{
"db": "VULMON",
"id": "CVE-2018-5999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"db": "NVD",
"id": "CVE-2018-5999"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. AsusWRT Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS AsusWRT is a router operating system developed by ASUS. There is a security vulnerability in the \u0027handle_request\u0027 function of the router/httpd/httpd.c file in ASUS AsusWRT versions earlier than 3.0.0.4.384_10007. An attacker can exploit this vulnerability to execute a POST request",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"db": "VULHUB",
"id": "VHN-136031"
},
{
"db": "VULMON",
"id": "CVE-2018-5999"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43881",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-136031",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136031"
},
{
"db": "VULMON",
"id": "CVE-2018-5999"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5999",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "43881",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "44176",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001660",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-852",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "146102",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146560",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-136031",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5999",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136031"
},
{
"db": "VULMON",
"id": "CVE-2018-5999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"db": "NVD",
"id": "CVE-2018-5999"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
]
},
"id": "VAR-201801-1393",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-136031"
}
],
"trust": 0.7166667
},
"last_update_date": "2023-12-18T12:44:12.839000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT",
"trust": 0.8,
"url": "https://www.asus.com/asuswrt/"
},
{
"title": "ASUS AsusWRT Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78011"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/asus-patches-root-command-execution-flaws-haunting-over-a-dozen-router-models/129666/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136031"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"db": "NVD",
"id": "CVE-2018-5999"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://blogs.securiteam.com/index.php/archives/3589"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/43881/"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/44176/"
},
{
"trust": 1.8,
"url": "https://github.com/pedrib/poc/blob/master/advisories/asuswrt-lan-rce.txt"
},
{
"trust": 1.8,
"url": "https://raw.githubusercontent.com/pedrib/poc/master/exploits/metasploit/asuswrt_lan_rce.rb"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5999"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5999"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/asus-patches-root-command-execution-flaws-haunting-over-a-dozen-router-models/129666/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136031"
},
{
"db": "VULMON",
"id": "CVE-2018-5999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"db": "NVD",
"id": "CVE-2018-5999"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-136031"
},
{
"db": "VULMON",
"id": "CVE-2018-5999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"db": "NVD",
"id": "CVE-2018-5999"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-136031"
},
{
"date": "2018-01-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5999"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"date": "2018-01-22T20:29:00.227000",
"db": "NVD",
"id": "CVE-2018-5999"
},
{
"date": "2018-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-136031"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5999"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001660"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-5999"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AsusWRT Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001660"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-852"
}
],
"trust": 0.6
}
}
VAR-202003-1276
Vulnerability from variot - Updated: 2023-12-18 11:58An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. ASUSWRT To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ASUSWRT is a firmware that runs in its router from Taiwan's ASUS Corporation (ASUS).
ASUS ASUSWRT 3.0.0.4.384.20308 has a command injection vulnerability. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1276",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.4.384.20308"
},
{
"model": "asuswrt",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.384.20308"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"db": "NVD",
"id": "CVE-2018-20334"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20334"
}
]
},
"cve": "CVE-2018-20334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-016240",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19210",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20334",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-016240",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20334",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2018-016240",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-19210",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1248",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-20334",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"db": "VULMON",
"id": "CVE-2018-20334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"db": "NVD",
"id": "CVE-2018-20334"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell. ASUSWRT To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ASUSWRT is a firmware that runs in its router from Taiwan\u0027s ASUS Corporation (ASUS). \n\r\n\r\nASUS ASUSWRT 3.0.0.4.384.20308 has a command injection vulnerability. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. Attackers can use this vulnerability to execute illegal commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"db": "VULMON",
"id": "CVE-2018-20334"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20334",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016240",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-19210",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1248",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-20334",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"db": "VULMON",
"id": "CVE-2018-20334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"db": "NVD",
"id": "CVE-2018-20334"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
]
},
"id": "VAR-202003-1276",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19210"
}
],
"trust": 1.2166667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19210"
}
]
},
"last_update_date": "2023-12-18T11:58:37.811000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asus.com/us/"
},
{
"title": "Patch for ASUSWRT command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/210715"
},
{
"title": "ASUS ASUSWRT Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112732"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"db": "NVD",
"id": "CVE-2018-20334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://starlabs.sg/advisories/18-20334/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20334"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20334"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"db": "VULMON",
"id": "CVE-2018-20334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"db": "NVD",
"id": "CVE-2018-20334"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"db": "VULMON",
"id": "CVE-2018-20334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"db": "NVD",
"id": "CVE-2018-20334"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"date": "2020-03-20T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20334"
},
{
"date": "2020-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"date": "2020-03-20T01:15:22.357000",
"db": "NVD",
"id": "CVE-2018-20334"
},
{
"date": "2020-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19210"
},
{
"date": "2020-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20334"
},
{
"date": "2020-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016240"
},
{
"date": "2020-03-23T21:59:04.330000",
"db": "NVD",
"id": "CVE-2018-20334"
},
{
"date": "2020-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSWRT In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016240"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1248"
}
],
"trust": 0.6
}
}
FKIE_CVE-2022-26376
Vulnerability from fkie_nvd - Published: 2022-08-05 22:15 - Updated: 2024-11-21 06:53
Severity ?
Summary
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | asuswrt | * | |
| asuswrt-merlin | new_gen | * | |
| asus | xt8_firmware | * | |
| asus | xt8 | - | |
| asus | tuf-ax3000_v2_firmware | * | |
| asus | tuf-ax3000_v2 | - | |
| asus | xd4_firmware | * | |
| asus | xd4 | - | |
| asus | et12_firmware | * | |
| asus | et12 | - | |
| asus | gt-ax6000_firmware | * | |
| asus | gt-ax6000 | - | |
| asus | xt12_firmware | * | |
| asus | xt12 | - | |
| asus | rt-ax58u_firmware | * | |
| asus | rt-ax58u | - | |
| asus | xt9_firmware | * | |
| asus | xt9 | - | |
| asus | xd6_firmware | * | |
| asus | xd6 | - | |
| asus | gt-ax11000_pro_firmware | * | |
| asus | gt-ax11000_pro | - | |
| asus | gt-axe16000_firmware | * | |
| asus | gt-axe16000 | - | |
| asus | rt-ax86u_firmware | * | |
| asus | rt-ax86u | - | |
| asus | rt-ax68u_firmware | * | |
| asus | rt-ax68u | - | |
| asus | rt-ax82u_firmware | * | |
| asus | rt-ax82u | - | |
| asus | rt-ax56u_firmware | * | |
| asus | rt-ax56u | - | |
| asus | rt-ax55_firmware | * | |
| asus | rt-ax55 | - | |
| asus | gt-ax11000_firmware | * | |
| asus | gt-ax11000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F08F0BFE-E5AF-4991-A543-C879E7920B1A",
"versionEndExcluding": "3.0.0.4.386_48706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asuswrt-merlin:new_gen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56FA1FDB-6F85-429C-BF43-E60F1BF8BDB7",
"versionEndExcluding": "386.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:xt8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1A968A-7E66-43F0-9E98-0EE71E6E8291",
"versionEndExcluding": "3.0.0.4.386_48706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:xt8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37EEF2AE-074D-403B-B606-6C2CE88AD3B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:tuf-ax3000_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E797BD3C-28F5-495C-87DE-B6F42F80270E",
"versionEndExcluding": "3.0.0.4.386_48750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:tuf-ax3000_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D03C2C9-2EE8-47B9-9950-75C8A887C22C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:xd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2664F674-B251-4525-BCBE-74841A2FC8A5",
"versionEndExcluding": "3.0.0.4.386_48790",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:xd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBB0A6-CDA7-47E1-B154-B7D6DE70D973",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:et12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA3A839-66DD-48A9-B14A-DA328EC5A96B",
"versionEndExcluding": "3.0.0.4.386_48823",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:et12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02E71310-9771-4D30-A202-1ADF5533960A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:gt-ax6000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C628CA52-9224-4793-968B-5E452A09DA69",
"versionEndExcluding": "3.0.0.4.386_48823",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ax6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B5FD80-66EC-42B3-AD9E-73C8BEDFB71E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:xt12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E78AD82E-F3A4-4A95-8AED-93A29AD945D6",
"versionEndExcluding": "3.0.0.4.386_48823",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:xt12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C67E3C2D-1090-4C72-AAE8-89AE8E997533",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8621573-D08C-4F11-9C6E-335EF7B84C60",
"versionEndExcluding": "3.0.0.4.386_48908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:xt9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9248D5-5BD4-41F5-8F97-0D57DFB083DC",
"versionEndExcluding": "3.0.0.4.388_20027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:xt9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74B737E9-4218-435F-A6B1-980B2090BA8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:xd6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "071652E7-585F-4071-A48E-2A94AEF1E1D4",
"versionEndExcluding": "3.0.0.4.386_49356",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:xd6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "727481D1-6673-4671-B970-87C6A22706CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:gt-ax11000_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6013420E-9504-456C-A4FD-8C62D1948AB0",
"versionEndExcluding": "3.0.0.4.386_48996",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ax11000_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "140087CE-0EBB-469D-956E-5BECA5AB5CBE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:gt-axe16000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4336BA99-3693-4CF5-B301-C06EFC75B3B6",
"versionEndExcluding": "3.0.0.4.386_48786",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-axe16000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "576BB6E0-D4E3-40EB-8212-B78946FB5082",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BED51697-4045-4551-9BDB-C8795ABB5A6E",
"versionEndExcluding": "3.0.0.4.386_49447",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB28700C-02EB-46D0-9BAD-833CE4790264",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax68u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E702F9E7-BB84-4B3C-8EFE-D6AE16D44C63",
"versionEndExcluding": "3.0.0.4.386_49479",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E27ED92-86BD-4FDB-A7AF-D308AA4A14DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax82u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA6BB79-7908-494E-AF2A-D5A05B9D73BF",
"versionEndExcluding": "3.0.0.4.386_49380",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D118305-CAFD-425F-8352-3B241D2E7702",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax56u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96356DF5-2C7A-47E8-AA6B-BE9DB1A7CF03",
"versionEndExcluding": "3.0.0.4.386_49559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40C64C0C-0D63-4262-9D31-EC560A084548",
"versionEndExcluding": "3.0.0.4.386_49559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:gt-ax11000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1F38CC-78E1-43C7-B855-C79294061B3F",
"versionEndExcluding": "3.0.0.4.386_49559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad httpd unescape de Asuswrt versiones anteriores a 3.0.0.4.386_48706 y Asuswrt-Merlin New Gen versiones anteriores a 386.7. Una petici\u00f3n HTTP especialmente dise\u00f1ada puede conllevar a una corrupci\u00f3n de memoria. Un atacante puede enviar una petici\u00f3n de red para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2022-26376",
"lastModified": "2024-11-21T06:53:52.570",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-05T22:15:11.143",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2018-20335
Vulnerability from fkie_nvd - Published: 2020-03-20 01:15 - Updated: 2024-11-21 04:01
Severity ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://starlabs.sg/advisories/18-20335/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://starlabs.sg/advisories/18-20335/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 | |
| asus | gt-ac2900 | - | |
| asus | gt-ac5300 | - | |
| asus | gt-ax11000 | - | |
| asus | rt-ac1200 | - | |
| asus | rt-ac1200_v2 | - | |
| asus | rt-ac1200g | - | |
| asus | rt-ac1200ge | - | |
| asus | rt-ac1750 | - | |
| asus | rt-ac1750_b1 | - | |
| asus | rt-ac1900p | - | |
| asus | rt-ac3100 | - | |
| asus | rt-ac3200 | - | |
| asus | rt-ac51u | - | |
| asus | rt-ac5300 | - | |
| asus | rt-ac55u | - | |
| asus | rt-ac56r | - | |
| asus | rt-ac56s | - | |
| asus | rt-ac56u | - | |
| asus | rt-ac66r | - | |
| asus | rt-ac66u | - | |
| asus | rt-ac66u-b1 | - | |
| asus | rt-ac66u_b1 | - | |
| asus | rt-ac68p | - | |
| asus | rt-ac68u | - | |
| asus | rt-ac86u | - | |
| asus | rt-ac87u | - | |
| asus | rt-ac88u | - | |
| asus | rt-acrh12 | - | |
| asus | rt-acrh13 | - | |
| asus | rt-ax3000 | - | |
| asus | rt-ax56u | - | |
| asus | rt-ax58u | - | |
| asus | rt-ax88u | - | |
| asus | rt-ax92u | - | |
| asus | rt-g32 | - | |
| asus | rt-n10\+d1 | - | |
| asus | rt-n10e | - | |
| asus | rt-n14u | - | |
| asus | rt-n16 | - | |
| asus | rt-n19 | - | |
| asus | rt-n56r | - | |
| asus | rt-n56u | - | |
| asus | rt-n600 | - | |
| asus | rt-n65u | - | |
| asus | rt-n66r | - | |
| asus | rt-n66u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Un usuario no autenticado puede desencadenar una DoS del servicio httpd por medio del URI /APP_Installation.asp?=."
}
],
"id": "CVE-2018-20335",
"lastModified": "2024-11-21T04:01:15.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-20T01:15:22.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20335/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20335/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-20334
Vulnerability from fkie_nvd - Published: 2020-03-20 01:15 - Updated: 2024-11-21 04:01
Severity ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://starlabs.sg/advisories/18-20334/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://starlabs.sg/advisories/18-20334/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 | |
| asus | gt-ac2900 | - | |
| asus | gt-ac5300 | - | |
| asus | gt-ax11000 | - | |
| asus | rt-ac1200 | - | |
| asus | rt-ac1200_v2 | - | |
| asus | rt-ac1200g | - | |
| asus | rt-ac1200ge | - | |
| asus | rt-ac1750 | - | |
| asus | rt-ac1750_b1 | - | |
| asus | rt-ac1900p | - | |
| asus | rt-ac3100 | - | |
| asus | rt-ac3200 | - | |
| asus | rt-ac51u | - | |
| asus | rt-ac5300 | - | |
| asus | rt-ac55u | - | |
| asus | rt-ac56r | - | |
| asus | rt-ac56s | - | |
| asus | rt-ac56u | - | |
| asus | rt-ac66r | - | |
| asus | rt-ac66u | - | |
| asus | rt-ac66u-b1 | - | |
| asus | rt-ac66u_b1 | - | |
| asus | rt-ac68p | - | |
| asus | rt-ac68u | - | |
| asus | rt-ac86u | - | |
| asus | rt-ac87u | - | |
| asus | rt-ac88u | - | |
| asus | rt-acrh12 | - | |
| asus | rt-acrh13 | - | |
| asus | rt-ax3000 | - | |
| asus | rt-ax56u | - | |
| asus | rt-ax58u | - | |
| asus | rt-ax88u | - | |
| asus | rt-ax92u | - | |
| asus | rt-g32 | - | |
| asus | rt-n10\+d1 | - | |
| asus | rt-n10e | - | |
| asus | rt-n14u | - | |
| asus | rt-n16 | - | |
| asus | rt-n19 | - | |
| asus | rt-n56r | - | |
| asus | rt-n56u | - | |
| asus | rt-n600 | - | |
| asus | rt-n65u | - | |
| asus | rt-n66r | - | |
| asus | rt-n66u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Al procesar los datos POST del archivo /start_apply.htm, se presenta un problema de inyecci\u00f3n de comandos por medio de metacaracteres de shell en el par\u00e1metro fb_email. Al usar este problema, un atacante puede controlar el enrutador y conseguir la shell."
}
],
"id": "CVE-2018-20334",
"lastModified": "2024-11-21T04:01:15.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-20T01:15:22.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20334/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20334/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-20333
Vulnerability from fkie_nvd - Published: 2020-03-20 01:15 - Updated: 2024-11-21 04:01
Severity ?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://starlabs.sg/advisories/18-20333/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://starlabs.sg/advisories/18-20333/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 | |
| asus | gt-ac2900 | - | |
| asus | gt-ac5300 | - | |
| asus | gt-ax11000 | - | |
| asus | rt-ac1200 | - | |
| asus | rt-ac1200_v2 | - | |
| asus | rt-ac1200g | - | |
| asus | rt-ac1200ge | - | |
| asus | rt-ac1750 | - | |
| asus | rt-ac1750_b1 | - | |
| asus | rt-ac1900p | - | |
| asus | rt-ac3100 | - | |
| asus | rt-ac3200 | - | |
| asus | rt-ac51u | - | |
| asus | rt-ac5300 | - | |
| asus | rt-ac55u | - | |
| asus | rt-ac56r | - | |
| asus | rt-ac56s | - | |
| asus | rt-ac56u | - | |
| asus | rt-ac66r | - | |
| asus | rt-ac66u | - | |
| asus | rt-ac66u-b1 | - | |
| asus | rt-ac66u_b1 | - | |
| asus | rt-ac68p | - | |
| asus | rt-ac68u | - | |
| asus | rt-ac86u | - | |
| asus | rt-ac87u | - | |
| asus | rt-ac88u | - | |
| asus | rt-acrh12 | - | |
| asus | rt-acrh13 | - | |
| asus | rt-ax3000 | - | |
| asus | rt-ax56u | - | |
| asus | rt-ax58u | - | |
| asus | rt-ax88u | - | |
| asus | rt-ax92u | - | |
| asus | rt-g32 | - | |
| asus | rt-n10\+d1 | - | |
| asus | rt-n10e | - | |
| asus | rt-n14u | - | |
| asus | rt-n16 | - | |
| asus | rt-n19 | - | |
| asus | rt-n56r | - | |
| asus | rt-n56u | - | |
| asus | rt-n600 | - | |
| asus | rt-n65u | - | |
| asus | rt-n66r | - | |
| asus | rt-n66u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*",
"matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Un usuario no autenticado puede solicitar el archivo /update_applist.asp para visualizar si un dispositivo USB se encuentra adjunto al enrutador y si hay aplicaciones instaladas en el enrutador."
}
],
"id": "CVE-2018-20333",
"lastModified": "2024-11-21T04:01:15.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-20T01:15:22.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20333/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://starlabs.sg/advisories/18-20333/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15656
Vulnerability from fkie_nvd - Published: 2018-01-31 20:29 - Updated: 2024-11-21 03:14
Severity ?
Summary
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jan/63 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jan/63 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66979BDA-4814-48F1-8F52-1AC26A4513B1",
"versionEndIncluding": "3.0.0.4.380.7743",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Password are stored in plaintext in nvram in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt."
},
{
"lang": "es",
"value": "Las contrase\u00f1as se almacenan en texto plano en nvram en el servidor HTTPd en todas las versiones actuales (iguales o anteriores a la 3.0.0.4.380.7743) de Asus asuswrt."
}
],
"id": "CVE-2017-15656",
"lastModified": "2024-11-21T03:14:58.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-31T20:29:00.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15654
Vulnerability from fkie_nvd - Published: 2018-01-31 20:29 - Updated: 2024-11-21 03:14
Severity ?
Summary
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jan/63 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jan/63 | Exploit, Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66979BDA-4814-48F1-8F52-1AC26A4513B1",
"versionEndIncluding": "3.0.0.4.380.7743",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Highly predictable session tokens in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access."
},
{
"lang": "es",
"value": "Los tokens de sesi\u00f3n altamente predecibles en el servidor HTTPd en todas las versiones actuales (iguales o inferiores a 3.0.0.4.380.7743) de Asus asuswrt permiten obtener acceso administrativo al router."
}
],
"id": "CVE-2017-15654",
"lastModified": "2024-11-21T03:14:58.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-31T20:29:00.290",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15655
Vulnerability from fkie_nvd - Published: 2018-01-31 20:29 - Updated: 2024-11-21 03:14
Severity ?
Summary
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jan/63 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://sploit.tech/2018/01/16/ASUS-part-I.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jan/63 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sploit.tech/2018/01/16/ASUS-part-I.html | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94706BE6-DD37-4F86-8154-5809CE4913A0",
"versionEndExcluding": "3.0.0.4.378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version \u003c=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer en el servidor HTTPd en Asus asuswrt en versiones iguales o anteriores a la 3.0.0.4.376.X. Todas se han solucionado en la versi\u00f3n 3.0.0.4.378, pero esta vulnerabilidad no hab\u00eda sido revelada anteriormente. Algunos routers que est\u00e1n en el final de su vida \u00fatil tienen esta versi\u00f3n como la m\u00e1s nueva y, por lo tanto, son vulnerables. Esta vulnerabilidad permite un RCE con privilegios de administrador cuando el administrador visita varias p\u00e1ginas."
}
],
"id": "CVE-2017-15655",
"lastModified": "2024-11-21T03:14:58.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-31T20:29:00.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://sploit.tech/2018/01/16/ASUS-part-I.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://sploit.tech/2018/01/16/ASUS-part-I.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15653
Vulnerability from fkie_nvd - Published: 2018-01-31 20:29 - Updated: 2024-11-21 03:14
Severity ?
Summary
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jan/63 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jan/63 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:asuswrt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78F4C3DB-DC64-4A1D-AB0E-5199CE17D0F3",
"versionEndIncluding": "3.0.0.4.380.7743",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper administrator IP validation after his login in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string."
},
{
"lang": "es",
"value": "La validaci\u00f3n indebida de la IP del administrador tras iniciar sesi\u00f3n en el servidor HTTPd en todas las versiones actuales (iguales o inferiores a 3.0.0.4.380.7743) de Asus asuswrt permite que un usuario no autorizado ejecute cualquier acci\u00f3n conociendo el token de administrador mediante el uso de una cadena User-Agent espec\u00edfica."
}
],
"id": "CVE-2017-15653",
"lastModified": "2024-11-21T03:14:57.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-31T20:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-26376 (GCVE-0-2022-26376)
Vulnerability from cvelistv5 – Published: 2022-08-05 21:18 – Updated: 2025-04-15 18:53
VLAI?
Summary
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Asuswrt-Merlin | Asuswrt-Merlin New Gen |
Affected:
prior to 386.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26376",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:18:45.679502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:53:55.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Asuswrt-Merlin New Gen",
"vendor": "Asuswrt-Merlin",
"versions": [
{
"status": "affected",
"version": "prior to 386.7"
}
]
}
],
"datePublic": "2022-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-26376",
"datePublished": "2022-08-05T21:18:47.095Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:53:55.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20333 (GCVE-0-2018-20333)
Vulnerability from cvelistv5 – Published: 2020-03-20 00:11 – Updated: 2024-08-05 11:58
VLAI?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20333/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20333/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20333/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20333/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20333",
"datePublished": "2020-03-20T00:11:15",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:19.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20335 (GCVE-0-2018-20335)
Vulnerability from cvelistv5 – Published: 2020-03-20 00:11 – Updated: 2024-08-05 11:58
VLAI?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20335/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20335/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20335/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20335/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20335",
"datePublished": "2020-03-20T00:11:09",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20334 (GCVE-0-2018-20334)
Vulnerability from cvelistv5 – Published: 2020-03-20 00:11 – Updated: 2024-08-05 11:58
VLAI?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20334/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20334/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20334/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20334/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20334",
"datePublished": "2020-03-20T00:11:06",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15653 (GCVE-0-2017-15653)
Vulnerability from cvelistv5 – Published: 2018-01-31 20:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper administrator IP validation after his login in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-31T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper administrator IP validation after his login in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"name": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15653",
"datePublished": "2018-01-31T20:00:00",
"dateReserved": "2017-10-19T00:00:00",
"dateUpdated": "2024-08-05T19:57:27.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15656 (GCVE-0-2017-15656)
Vulnerability from cvelistv5 – Published: 2018-01-31 20:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Password are stored in plaintext in nvram in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-31T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password are stored in plaintext in nvram in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"name": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15656",
"datePublished": "2018-01-31T20:00:00",
"dateReserved": "2017-10-19T00:00:00",
"dateUpdated": "2024-08-05T19:57:27.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26376 (GCVE-0-2022-26376)
Vulnerability from nvd – Published: 2022-08-05 21:18 – Updated: 2025-04-15 18:53
VLAI?
Summary
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Asuswrt-Merlin | Asuswrt-Merlin New Gen |
Affected:
prior to 386.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26376",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:18:45.679502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:53:55.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Asuswrt-Merlin New Gen",
"vendor": "Asuswrt-Merlin",
"versions": [
{
"status": "affected",
"version": "prior to 386.7"
}
]
}
],
"datePublic": "2022-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-26376",
"datePublished": "2022-08-05T21:18:47.095Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:53:55.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20333 (GCVE-0-2018-20333)
Vulnerability from nvd – Published: 2020-03-20 00:11 – Updated: 2024-08-05 11:58
VLAI?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20333/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20333/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20333/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20333/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20333",
"datePublished": "2020-03-20T00:11:15",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:19.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20335 (GCVE-0-2018-20335)
Vulnerability from nvd – Published: 2020-03-20 00:11 – Updated: 2024-08-05 11:58
VLAI?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20335/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20335/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20335/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20335/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20335",
"datePublished": "2020-03-20T00:11:09",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20334 (GCVE-0-2018-20334)
Vulnerability from nvd – Published: 2020-03-20 00:11 – Updated: 2024-08-05 11:58
VLAI?
Summary
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/18-20334/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T00:11:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/18-20334/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://starlabs.sg/advisories/18-20334/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/18-20334/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20334",
"datePublished": "2020-03-20T00:11:06",
"dateReserved": "2018-12-21T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15653 (GCVE-0-2017-15653)
Vulnerability from nvd – Published: 2018-01-31 20:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper administrator IP validation after his login in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-31T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper administrator IP validation after his login in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"name": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15653",
"datePublished": "2018-01-31T20:00:00",
"dateReserved": "2017-10-19T00:00:00",
"dateUpdated": "2024-08-05T19:57:27.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15656 (GCVE-0-2017-15656)
Vulnerability from nvd – Published: 2018-01-31 20:00 – Updated: 2024-08-05 19:57
VLAI?
Summary
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Password are stored in plaintext in nvram in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-31T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Password are stored in plaintext in nvram in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"name": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15656",
"datePublished": "2018-01-31T20:00:00",
"dateReserved": "2017-10-19T00:00:00",
"dateUpdated": "2024-08-05T19:57:27.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}