Lucene search

K
saintSAINT CorporationSAINT:1FAFFE9723ECA2EE5DFB56A36466F828
HistoryFeb 28, 2018 - 12:00 a.m.

ASUSWRT vpnupload.cgi authentication bypass

2018-02-2800:00:00
SAINT Corporation
download.saintcorporation.com
852

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.32 Low

EPSS

Percentile

96.6%

Added: 02/28/2018
CVE: CVE-2018-5999

Background

ASUSWRT is the firmware used in many ASUS devices.

Problem

The combination of two separate vulnerabilities in ASUSWRT allows remote attackers to execute arbitrary commands. The first vulnerability allows an unauthenticated user to make certain POST requests. The second allows NVRAM settings to be changed using a POST request to **vpnupload.cgi**.

Resolution

Upgrade to ASUSWRT version 3.0.0.4.384_10007 or higher.

References

<http://seclists.org/fulldisclosure/2018/Jan/78&gt;

Platforms

Linux

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.32 Low

EPSS

Percentile

96.6%

Related for SAINT:1FAFFE9723ECA2EE5DFB56A36466F828