Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-6000

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.907
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Products affected by CVE-2018-6000
  • Asus » Asuswrt » Version: N/A
    cpe:2.3:o:asus:asuswrt:-
  • Asus » Asuswrt » Version: 3.0.0.4.378
    cpe:2.3:o:asus:asuswrt:3.0.0.4.378
  • Asus » Asuswrt » Version: 3.0.0.4.380.7743
    cpe:2.3:o:asus:asuswrt:3.0.0.4.380.7743
  • Asus » Asuswrt » Version: 3.0.0.4.384.20308
    cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308


Products
Pricing
Contact Us

Shodan ® - All rights reserved