CVE-2018-18287 - OpenCVE

On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Rt-ac58u Rt-ac58u Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ac58u_firmware:3.0.0.4.380.6516:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ac58u:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/remix30303/AsusLeak	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-10-14T21:00:00

Updated: 2018-10-14T20:57:01

Reserved: 2018-10-14T00:00:00

Link: CVE-2018-18287

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-14T21:29:00.603

Modified: 2019-01-23T21:08:16.900

Link: CVE-2018-18287

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ac58u_firmware:3.0.0.4.380.6516:*:*:*:*:*:*:*", "matchCriteriaId": "58D1F62F-BEE2-48E0-A1D0-D3006BAFFBD7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ac58u:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC2A116A-FFAC-4A07-A7A6-88DDF4842932", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page."}, {"lang": "es", "value": "En dispositivos ASUS RT-AC58U 3.0.0.4.380_6516, los atacantes remotos pueden descubrir nombres de host y direcciones IP leyendo datos dhcpLeaseInfo en el c\u00f3digo fuente HTML de la p\u00e1gina Main_Login.asp."}], "id": "CVE-2018-18287", "lastModified": "2019-01-23T21:08:16.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-14T21:29:00.603", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/remix30303/AsusLeak"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}