Lucene search

[email protected]CVE-2018-8877

HistoryFeb 27, 2020 - 10:15 p.m.

CVE-2018-8877

2020-02-2722:15:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2018-8877

information disclosure

asuswrt-merlin firmware

asus devices

security vulnerability

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.

CPENameOperatorVersion
asus:asus_firmwareasus asus firmwarelt3.0.0.4.382.50470
asuswrt-merlin:asuswrt-merlinasuswrt-merlinlt384.4

CPE	Name	Operator	Version
asus:asus_firmware	asus asus firmware	lt	3.0.0.4.382.50470
asuswrt-merlin:asuswrt-merlin	asuswrt-merlin	lt	384.4

References

github.com/outofhere/Research/blob/master/2018/Asus/cve_notes.md

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for CVE-2018-8877

prion1 cvelist1