An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
References
Link | Resource |
---|---|
https://blogs.securiteam.com/index.php/archives/3589 | Exploit Technical Description Third Party Advisory |
https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt | Exploit Third Party Advisory |
https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/43881/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/44176/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-22T20:00:00
Updated: 2018-03-01T10:57:01
Reserved: 2018-01-22T00:00:00
Link: CVE-2018-5999
JSON object: View
NVD Information
Status : Modified
Published: 2018-01-22T20:29:00.227
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-5999
JSON object: View
Redhat Information
No data.
CWE