CVE-2018-20334

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://starlabs.sg/advisories/18-20334/	Exploit Third Party Advisory
https://starlabs.sg/advisories/18-20334/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*

OR	cpe:2.3:h:asus:gt-ac2900:-:::::::*
	cpe:2.3:h:asus:gt-ac5300:-:::::::*
	cpe:2.3:h:asus:gt-ax11000:-:::::::*
	cpe:2.3:h:asus:rt-ac1200:-:::::::*
	cpe:2.3:h:asus:rt-ac1200_v2:-:::::::*
	cpe:2.3:h:asus:rt-ac1200g:-:::::::*
	cpe:2.3:h:asus:rt-ac1200ge:-:::::::*
	cpe:2.3:h:asus:rt-ac1750:-:::::::*
	cpe:2.3:h:asus:rt-ac1750_b1:-:::::::*
	cpe:2.3:h:asus:rt-ac1900p:-:::::::*
	cpe:2.3:h:asus:rt-ac3100:-:::::::*
	cpe:2.3:h:asus:rt-ac3200:-:::::::*
	cpe:2.3:h:asus:rt-ac51u:-:::::::*
	cpe:2.3:h:asus:rt-ac5300:-:::::::*
	cpe:2.3:h:asus:rt-ac55u:-:::::::*
	cpe:2.3:h:asus:rt-ac56r:-:::::::*
	cpe:2.3:h:asus:rt-ac56s:-:::::::*
	cpe:2.3:h:asus:rt-ac56u:-:::::::*
	cpe:2.3:h:asus:rt-ac66r:-:::::::*
	cpe:2.3:h:asus:rt-ac66u:-:::::::*
	cpe:2.3:h:asus:rt-ac66u-b1:-:::::::*
	cpe:2.3:h:asus:rt-ac66u_b1:-:::::::*
	cpe:2.3:h:asus:rt-ac68p:-:::::::*
	cpe:2.3:h:asus:rt-ac68u:-:::::::*
	cpe:2.3:h:asus:rt-ac86u:-:::::::*
	cpe:2.3:h:asus:rt-ac87u:-:::::::*
	cpe:2.3:h:asus:rt-ac88u:-:::::::*
	cpe:2.3:h:asus:rt-acrh12:-:::::::*
	cpe:2.3:h:asus:rt-acrh13:-:::::::*
	cpe:2.3:h:asus:rt-ax3000:-:::::::*
	cpe:2.3:h:asus:rt-ax56u:-:::::::*
	cpe:2.3:h:asus:rt-ax58u:-:::::::*
	cpe:2.3:h:asus:rt-ax88u:-:::::::*
	cpe:2.3:h:asus:rt-ax92u:-:::::::*
	cpe:2.3:h:asus:rt-g32:-:::::::*
	cpe:2.3:h:asus:rt-n10\+d1:-:::::::*
	cpe:2.3:h:asus:rt-n10e:-:::::::*
	cpe:2.3:h:asus:rt-n14u:-:::::::*
	cpe:2.3:h:asus:rt-n16:-:::::::*
	cpe:2.3:h:asus:rt-n19:-:::::::*
	cpe:2.3:h:asus:rt-n56r:-:::::::*
	cpe:2.3:h:asus:rt-n56u:-:::::::*
	cpe:2.3:h:asus:rt-n600:-:::::::*
	cpe:2.3:h:asus:rt-n65u:-:::::::*
	cpe:2.3:h:asus:rt-n66r:-:::::::*
	cpe:2.3:h:asus:rt-n66u:-:::::::*

History

21 Nov 2024, 04:01

Type	Values Removed	Values Added
References	~~() https://starlabs.sg/advisories/18-20334/ - Exploit, Third Party Advisory~~	() https://starlabs.sg/advisories/18-20334/ - Exploit, Third Party Advisory

Information

Published : 2020-03-20 01:15

Updated : 2024-11-21 04:01

NVD link : CVE-2018-20334

Mitre link : CVE-2018-20334

CVE.ORG link : CVE-2018-20334

JSON object : View

Products Affected

asus

rt-ac86u
gt-ac5300
rt-ac68u
rt-ac66r
rt-ac1200g
rt-ax58u
rt-ac1200ge
rt-ac51u
rt-ax92u
rt-n14u
rt-ac66u-b1
rt-n10\+d1
rt-n19
rt-ac3100
rt-ac56u
rt-n66u
rt-n10e
rt-ac88u
gt-ax11000
rt-ac66u
rt-n16
rt-n56u
rt-ac1750_b1
rt-acrh13
rt-n66r
rt-ac87u
rt-ax56u
rt-g32
rt-ac1900p
rt-ac3200
rt-ac66u_b1
rt-ac68p
rt-ac56r
rt-n56r
rt-ac1750
rt-ax3000
rt-ax88u
rt-n600
rt-n65u
rt-ac1200
rt-ac55u
gt-ac2900
rt-ac1200_v2
asuswrt
rt-acrh12
rt-ac56s
rt-ac5300

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2018-20334", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-03-20T01:15:22.357", "references": [{"url": "https://starlabs.sg/advisories/18-20334/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://starlabs.sg/advisories/18-20334/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."}, {"lang": "es", "value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Al procesar los datos POST del archivo /start_apply.htm, se presenta un problema de inyecci\u00f3n de comandos por medio de metacaracteres de shell en el par\u00e1metro fb_email. Al usar este problema, un atacante puede controlar el enrutador y conseguir la shell."}], "lastModified": "2024-11-21T04:01:15.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374"}, {"criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993"}, {"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E"}, {"criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F"}, {"criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043"}, {"criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3"}, {"criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C"}, {"criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F"}, {"criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD"}, {"criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E"}, {"criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2"}, {"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C"}, {"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3"}, {"criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140"}, {"criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0"}, {"criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134"}, {"criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91"}, {"criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17"}, {"criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13"}, {"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E"}, {"criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4"}, {"criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105"}, {"criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE"}, {"criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15"}, {"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6"}, {"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05"}, {"criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29"}, {"criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17"}, {"criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59"}, {"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25"}, {"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D747097-702E-4046-9723-01A586336534"}, {"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392"}, {"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C"}, {"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5"}, {"criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D"}, {"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5"}, {"criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A"}, {"criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF"}, {"criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2"}, {"criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD"}, {"criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8"}, {"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13"}, {"criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58"}, {"criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07"}, {"criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810"}, {"criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

9.8 /10