ID CVE-2018-6000
Summary An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
References
Vulnerable Configurations
  • cpe:2.3:o:asus:asuswrt:3.0.0.4.378:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:asuswrt:3.0.0.4.380.7743:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
exploit-db
  • 43881
  • 44176
misc
Last major update 03-10-2019 - 00:03
Published 22-01-2018 - 20:29
Last modified 03-10-2019 - 00:03