Lucene search
SAINT CorporationSAINT:1FAFFE9723ECA2EE5DFB56A36466F828HistoryFeb 28, 2018 - 12:00 a.m.
ASUSWRT vpnupload.cgi authentication bypass
2018-02-2800:00:00
SAINT Corporation
download.saintcorporation.com
874
0.254 Low
EPSS
Percentile
96.7%
Added: 02/28/2018
CVE: CVE-2018-5999
Background
ASUSWRT is the firmware used in many ASUS devices.
Problem
The combination of two separate vulnerabilities in ASUSWRT allows remote attackers to execute arbitrary commands. The first vulnerability allows an unauthenticated user to make certain POST requests. The second allows NVRAM settings to be changed using a POST request to **vpnupload.cgi**.
Resolution
Upgrade to ASUSWRT version 3.0.0.4.384_10007 or higher.
References
<http://seclists.org/fulldisclosure/2018/Jan/78>
Platforms
Linux
Related
nvd
nvd
CVE-2018-5999
2018-01-22 20:29:00
CVE-2018-6000
2018-01-22 20:29:00
saint
saint
ASUSWRT vpnupload.cgi authentication bypass
2018-02-28 00:00:00
ASUSWRT vpnupload.cgi authentication bypass
2018-02-28 00:00:00
prion
prion
Authentication flaw
2018-01-22 20:29:00
Command injection
2018-01-22 20:29:00
cve
cve
CVE-2018-5999
2018-01-22 20:29:00
CVE-2018-6000
2018-01-22 20:29:00
cvelist
cvelist
CVE-2018-5999
2018-01-22 20:00:00
CVE-2018-6000
2018-01-22 20:00:00
zdt
zdt
AsusWRT LAN Unauthenticated Remote Code Execution Exploit
2018-02-23 00:00:00
packetstorm
packetstorm
AsusWRT LAN Unauthenticated Remote Code Execution
2018-02-23 00:00:00
AsusWRT Router Remote Code Execution
2018-01-26 00:00:00
threatpost
threatpost
exploitpack
exploitpack
AsusWRT Router 3.0.0.4.380.7743 - LAN Remote Code Execution
2018-01-22 00:00:00
pentestit
pentestit
UPDATED VERSION: RouterSploit 3.4.0
2018-10-18 18:13:04
exploitdb
exploitdb
AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code Execution
2018-01-22 00:00:00