VAR-202002-0891
Vulnerability from variot - Updated: 2023-12-18 13:13Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. Asuswrt-Merlin and ASUS There is an information leakage vulnerability in the firmware.Information may be obtained. ASUS Asuswrt-Merlin is a firmware running in the routers of ASUS Corporation of Taiwan, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0891",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asus",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.382.50470"
},
{
"model": "asuswrt-merlin",
"scope": "lt",
"trust": 1.0,
"vendor": "asuswrt merlin",
"version": "384.4"
},
{
"model": "asus",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "384.4"
},
{
"model": "asuswrt-merlin",
"scope": "eq",
"trust": 0.8,
"vendor": "asuswrt merlin",
"version": "3.0.0.4.382.50470"
},
{
"model": "asuswrt-merlin",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "382.1_2"
},
{
"model": "asuswrt-merlin",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "382.1"
},
{
"model": "asuswrt-merlin",
"scope": "eq",
"trust": 0.6,
"vendor": "asuswrt merlin",
"version": "384.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"db": "NVD",
"id": "CVE-2018-8878"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "384.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:asus_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.4.382.50470",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8878"
}
]
},
"cve": "CVE-2018-8878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-016227",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-138910",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-016227",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8878",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2018-016227",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1276",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138910",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138910"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"db": "NVD",
"id": "CVE-2018-8878"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices\u0027 hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. Asuswrt-Merlin and ASUS There is an information leakage vulnerability in the firmware.Information may be obtained. ASUS Asuswrt-Merlin is a firmware running in the routers of ASUS Corporation of Taiwan, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8878"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"db": "VULHUB",
"id": "VHN-138910"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8878",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016227",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1276",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-17191",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-138910",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138910"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"db": "NVD",
"id": "CVE-2018-8878"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
]
},
"id": "VAR-202002-0891",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138910"
}
],
"trust": 0.7915205
},
"last_update_date": "2023-12-18T13:13:04.189000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asus.com/us/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.asuswrt-merlin.net/"
},
{
"title": "ASUS Asuswrt-Merlin Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111224"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138910"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"db": "NVD",
"id": "CVE-2018-8878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/outofhere/research/blob/master/2018/asus/cve_notes.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8878"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8878"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138910"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"db": "NVD",
"id": "CVE-2018-8878"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138910"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"db": "NVD",
"id": "CVE-2018-8878"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-138910"
},
{
"date": "2020-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"date": "2020-02-27T22:15:13.627000",
"db": "NVD",
"id": "CVE-2018-8878"
},
{
"date": "2020-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-138910"
},
{
"date": "2020-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016227"
},
{
"date": "2020-03-04T18:36:59.197000",
"db": "NVD",
"id": "CVE-2018-8878"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asuswrt-Merlin and ASUS Information leakage vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1276"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…