CVE-2018-9285

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
OS Command Injection
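| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |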
EPSS Score: Percentile: 91%
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac66u_firmware | 𝑥 < 3.0.0.4.384.10007 |
| asus | rt-ac68u_firmware | 𝑥 < 3.0.0.4.384.10007 |
| asus | rt-ac86u_firmware | 𝑥 < 3.0.0.4.384.10007 |
| asus | rt-ac88u_firmware | 𝑥 < 3.0.0.4.384.10007 |
| asus | rt-ac1900_firmware | 𝑥 < 3.0.0.4.384.10007 |
| asus | rt-ac2900_firmware | 𝑥 < 3.0.0.4.384.10007 |
| asus | rt-ac3100_firmware | 𝑥 < 3.0.0.4.384.10007 |
| asus | rt-n18u_firmware | 𝑥 < 3.0.0.4.382.39935 |
| asus | rt-ac87u_firmware | 𝑥 < 3.0.0.4.382.50010 |
| asus | rt-ac3200_firmware | 𝑥 < 3.0.0.4.382.50010 |
| asus | rt-ac5300_firmware | 𝑥 < 3.0.0.4.384.20287 |

𝑥 = Vulnerable software versions