CVE-2018-14711 - OpenCVE

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Rt-ac3200 Rt-ac3200 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ac3200_firmware:3.0.0.4.382.50010:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*

References

Link	Resource
https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-13T12:20:19

Updated: 2019-05-13T12:20:19

Reserved: 2018-07-28T00:00:00

Link: CVE-2018-14711

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-05-13T13:29:01.010

Modified: 2019-05-14T18:56:20.793

Link: CVE-2018-14711

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ac3200_firmware:3.0.0.4.382.50010:*:*:*:*:*:*:*", "matchCriteriaId": "D91911F1-8C43-4229-A9FF-BC35960EC761", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs."}, {"lang": "es", "value": "Una vulnerabilidad en la falta la protecci\u00f3n para cross-site request forgery en appGet.cgi en ASUS RT-AC3200 versi\u00f3n 3.0.0.4.382.50010, permite a los atacantes generar acciones de cambio de estado con URL especialmente creadas."}], "id": "CVE-2018-14711", "lastModified": "2019-05-14T18:56:20.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-13T13:29:01.010", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}