Vulnerability Details CVE-2018-9285
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.084
EPSS Ranking 91.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Execution.html
- https://fortiguard.com/zeroday/FG-VD-17-216
- https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html
- http://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Execution.html
- https://fortiguard.com/zeroday/FG-VD-17-216
- https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html
Products affected by CVE-2018-9285
-
cpe:2.3:h:asus:rt-ac1900:-
-
cpe:2.3:h:asus:rt-ac2900:-
-
cpe:2.3:h:asus:rt-ac3100:-
-
cpe:2.3:h:asus:rt-ac3200:-
-
cpe:2.3:h:asus:rt-ac5300:-
-
cpe:2.3:h:asus:rt-ac66u:-
-
cpe:2.3:h:asus:rt-ac68u:-
-
cpe:2.3:h:asus:rt-ac86u:-
-
cpe:2.3:h:asus:rt-ac87u:-
-
cpe:2.3:h:asus:rt-ac88u:-
-
cpe:2.3:h:asus:rt-n18u:-
-
cpe:2.3:o:asus:rt-ac1900_firmware:*
-
cpe:2.3:o:asus:rt-ac2900_firmware:*
-
cpe:2.3:o:asus:rt-ac3100_firmware:*
-
cpe:2.3:o:asus:rt-ac3200_firmware:*
-
cpe:2.3:o:asus:rt-ac5300_firmware:*
-
cpe:2.3:o:asus:rt-ac66u_firmware:-
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.140
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.220
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.246
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.260
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.270
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.354
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.372_67
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.374_2050
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.380.8228
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.382.50470
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.382.51634
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.382.51640
-
cpe:2.3:o:asus:rt-ac66u_firmware:3.0.0.4.382.51641
-
cpe:2.3:o:asus:rt-ac68u_firmware:3.0.0.4.374.4755
-
cpe:2.3:o:asus:rt-ac68u_firmware:3.0.0.4.374.5047
-
cpe:2.3:o:asus:rt-ac68u_firmware:3.0.0.4.374_4561
-
cpe:2.3:o:asus:rt-ac68u_firmware:3.0.0.4.374_4887
-
cpe:2.3:o:asus:rt-ac68u_firmware:3.0.0.4.374_4983
-
cpe:2.3:o:asus:rt-ac68u_firmware:3.0.0.4.376.3715
-
cpe:2.3:o:asus:rt-ac68u_firmware:3.0.0.4.380.1031
-
cpe:2.3:o:asus:rt-ac86u_firmware:*
-
cpe:2.3:o:asus:rt-ac87u_firmware:3.0.0.4.378.3754
-
cpe:2.3:o:asus:rt-ac87u_firmware:3.0.0.4.378.9383
-
cpe:2.3:o:asus:rt-ac88u_firmware:*
-
cpe:2.3:o:asus:rt-n18u_firmware:*