Lucene search

K
saintSAINT CorporationSAINT:9EC44034675C3CB4D052F0A57AE94026
HistoryFeb 28, 2018 - 12:00 a.m.

ASUSWRT vpnupload.cgi authentication bypass

2018-02-2800:00:00
SAINT Corporation
my.saintcorporation.com
561
asuswrt
firmware
authentication bypass
arbitrary command execution
vpnupload.cgi
remote attackers
nvram settings
upgrade
version 3.0.0.4.384_10007
linux
exploit

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.254

Percentile

96.7%

Added: 02/28/2018
CVE: CVE-2018-5999

Background

ASUSWRT is the firmware used in many ASUS devices.

Problem

The combination of two separate vulnerabilities in ASUSWRT allows remote attackers to execute arbitrary commands. The first vulnerability allows an unauthenticated user to make certain POST requests. The second allows NVRAM settings to be changed using a POST request to **vpnupload.cgi**.

Resolution

Upgrade to ASUSWRT version 3.0.0.4.384_10007 or higher.

References

http://seclists.org/fulldisclosure/2018/Jan/78

Platforms

Linux

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.254

Percentile

96.7%