Vulnerability Details : CVE-2018-5999
Public exploit exists!
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
Exploit prediction scoring system (EPSS) score for CVE-2018-5999
25.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2018-5999
-
AsusWRT LAN Unauthenticated Remote Code Execution
Disclosure Date: 2018-01-22First seen: 2020-04-26exploit/linux/http/asuswrt_lan_rceThe HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request
CVSS scores for CVE-2018-5999
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2018-5999
-
https://www.exploit-db.com/exploits/44176/
AsusWRT LAN - Remote Code Execution (Metasploit)
-
https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb
Exploit;Third Party Advisory
-
https://blogs.securiteam.com/index.php/archives/3589
SSD Advisory – Hack2Win - Asus Unauthenticated LAN Remote Command Execution - SSD Secure DisclosureExploit;Technical Description;Third Party Advisory
-
https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt
PoC/asuswrt-lan-rce.txt at master · pedrib/PoC · GitHubExploit;Third Party Advisory
-
https://www.exploit-db.com/exploits/43881/
AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code ExecutionExploit;Third Party Advisory;VDB Entry
Products affected by CVE-2018-5999
- cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*