Added: 02/28/2018
CVE: CVE-2018-5999
ASUSWRT is the firmware used in many ASUS devices.
The combination of two separate vulnerabilities in ASUSWRT allows remote attackers to execute arbitrary commands. The first vulnerability allows an unauthenticated user to make certain POST requests. The second allows NVRAM settings to be changed using a POST request to **vpnupload.cgi**
.
Upgrade to ASUSWRT version 3.0.0.4.384_10007 or higher.
http://seclists.org/fulldisclosure/2018/Jan/78
Linux