Vulnerability Details CVE-2018-20334
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.037
EPSS Ranking 87.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Products affected by CVE-2018-20334
-
cpe:2.3:h:asus:gt-ac2900:-
-
cpe:2.3:h:asus:gt-ac5300:-
-
cpe:2.3:h:asus:gt-ax11000:-
-
cpe:2.3:h:asus:rt-ac1200:-
-
cpe:2.3:h:asus:rt-ac1200_v2:-
-
cpe:2.3:h:asus:rt-ac1200g:-
-
cpe:2.3:h:asus:rt-ac1200ge:-
-
cpe:2.3:h:asus:rt-ac1750:-
-
cpe:2.3:h:asus:rt-ac1750_b1:-
-
cpe:2.3:h:asus:rt-ac1900p:-
-
cpe:2.3:h:asus:rt-ac3100:-
-
cpe:2.3:h:asus:rt-ac3200:-
-
cpe:2.3:h:asus:rt-ac51u:-
-
cpe:2.3:h:asus:rt-ac5300:-
-
cpe:2.3:h:asus:rt-ac55u:-
-
cpe:2.3:h:asus:rt-ac56r:-
-
cpe:2.3:h:asus:rt-ac56s:-
-
cpe:2.3:h:asus:rt-ac56u:-
-
cpe:2.3:h:asus:rt-ac66r:-
-
cpe:2.3:h:asus:rt-ac66u-b1:-
-
cpe:2.3:h:asus:rt-ac66u:-
-
cpe:2.3:h:asus:rt-ac66u_b1:-
-
cpe:2.3:h:asus:rt-ac68p:-
-
cpe:2.3:h:asus:rt-ac68u:-
-
cpe:2.3:h:asus:rt-ac86u:-
-
cpe:2.3:h:asus:rt-ac87u:-
-
cpe:2.3:h:asus:rt-ac88u:-
-
cpe:2.3:h:asus:rt-acrh12:-
-
cpe:2.3:h:asus:rt-acrh13:-
-
cpe:2.3:h:asus:rt-ax3000:-
-
cpe:2.3:h:asus:rt-ax56u:-
-
cpe:2.3:h:asus:rt-ax58u:-
-
cpe:2.3:h:asus:rt-ax88u:-
-
cpe:2.3:h:asus:rt-ax92u:-
-
cpe:2.3:h:asus:rt-g32:-
-
cpe:2.3:h:asus:rt-n10+d1:-
-
cpe:2.3:h:asus:rt-n10e:-
-
cpe:2.3:h:asus:rt-n14u:-
-
cpe:2.3:h:asus:rt-n16:-
-
cpe:2.3:h:asus:rt-n19:-
-
cpe:2.3:h:asus:rt-n56r:-
-
cpe:2.3:h:asus:rt-n56u:-
-
cpe:2.3:h:asus:rt-n600:-
-
cpe:2.3:h:asus:rt-n65u:-
-
cpe:2.3:h:asus:rt-n66r:-
-
cpe:2.3:h:asus:rt-n66u:-
-
cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308