{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-20T00:11:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://starlabs.sg/advisories/18-20334/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20334", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://starlabs.sg/advisories/18-20334/", "refsource": "MISC", "url": "https://starlabs.sg/advisories/18-20334/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:58:18.926Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://starlabs.sg/advisories/18-20334/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20334", "datePublished": "2020-03-20T00:11:06", "dateReserved": "2018-12-21T00:00:00", "dateUpdated": "2024-08-05T11:58:18.926Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*", "matchCriteriaId": "4F4DB439-E9CC-4BA5-9A05-B51BF8DCD038", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:gt-ac2900:-:*:*:*:*:*:*:*", "matchCriteriaId": "B581C286-7C47-42BF-8876-243285409374", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:gt-ac5300:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D2B9867-7DA3-4221-9148-36FD412FA993", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "9BE19DF1-EB89-4CE5-956F-79BD4AD5E52F", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac1200_v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "80BBA2CB-3DD3-4A8F-9556-E845AFAB2043", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac1200g:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CF74439-AD6D-4BBB-9254-640170FE1CF3", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac1200ge:-:*:*:*:*:*:*:*", "matchCriteriaId": "2078161F-17EB-45EE-BCE9-C86B3860FD5C", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac1750:-:*:*:*:*:*:*:*", "matchCriteriaId": "59001E8D-E835-464A-915A-AAF59F2F397F", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac1750_b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "51FC355D-5C81-4041-B649-EB271CA55AFD", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac1900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1E5EEF4-D19B-41D1-86B6-F2CBB745570E", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac3100:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9B17C2B-A1EC-4FC1-8AB1-F35D9E3A0AA2", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac3200:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFE8A3B1-284B-40EC-872E-B8F7103F108C", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac51u:-:*:*:*:*:*:*:*", "matchCriteriaId": "24748D40-7F43-44DA-BBEF-46D85D2AADA3", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac5300:-:*:*:*:*:*:*:*", "matchCriteriaId": "55EE62D6-1E29-4E84-8944-D3D68E212140", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac55u:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C7DF43D-7EEE-405C-BB2B-822936BCB4A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac56r:-:*:*:*:*:*:*:*", "matchCriteriaId": "E32874C8-05B6-44A1-B118-DC2F4FE62134", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac56s:-:*:*:*:*:*:*:*", "matchCriteriaId": "63A1E548-F12D-4BF7-9C01-1325A725FF91", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac56u:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3E87BA7-FACD-46B2-BE2A-9EFEA3C62C17", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac66r:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D59C40A-D9BA-455B-9F9E-D3B6FB80BC13", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac66u:-:*:*:*:*:*:*:*", "matchCriteriaId": "1ED39CBC-80ED-4037-9285-4D4CFA45F00E", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac66u-b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD103F76-C432-4577-8465-831E0314D8D4", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac66u_b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F6B0EC4-797D-4059-AA90-EC09A49FE105", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac68p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5713F0F3-B616-42B7-A0D8-7983F00E79FE", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac68u:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E23D00B-76E3-438C-8023-3D7CC6AEEE15", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*", "matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ac88u:-:*:*:*:*:*:*:*", "matchCriteriaId": "81008E66-B5E8-4DE5-B14D-E6983C69BC29", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-acrh12:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EF9FF00-2DDC-4900-8A93-A51E41EA5C17", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-acrh13:-:*:*:*:*:*:*:*", "matchCriteriaId": "41AF79B6-D208-4357-A08D-D1AB6F136F59", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D747097-702E-4046-9723-01A586336534", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*", "matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-g32:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AD16BBF-DB02-4E96-A310-82C13898B29D", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n10\\+d1:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8794D4A-5E8C-432D-A2FB-9CF86158E8D5", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n10e:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AFCC588-AAA6-45FA-8D1F-E57C7693D27A", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n14u:-:*:*:*:*:*:*:*", "matchCriteriaId": "85B0C29C-29A5-4659-8D76-9241B13682DF", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n16:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E016FE0-0A28-49AA-A213-38A5F7728FE2", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n19:-:*:*:*:*:*:*:*", "matchCriteriaId": "507A5D4D-CAF9-4417-9EA6-B499E04D1CDD", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n56r:-:*:*:*:*:*:*:*", "matchCriteriaId": "14C092D3-14B2-4DBB-8C20-D15F0BA33FA8", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*", "matchCriteriaId": "534C0C95-9DD2-464C-8776-01B47398FE13", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n600:-:*:*:*:*:*:*:*", "matchCriteriaId": "481C7F6F-23A4-4B8B-8E14-44ADFCBE8C58", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n65u:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5567C97-0AE2-429B-B4D7-1CF501BD2C07", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n66r:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB4466BA-09EB-43F0-9610-6574F10B5810", "vulnerable": false}, {"criteria": "cpe:2.3:h:asus:rt-n66u:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A60BB38-11FC-48C4-B592-29C6C3A6FEAE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell."}, {"lang": "es", "value": "Se detect\u00f3 un problema en ASUSWRT versi\u00f3n 3.0.0.4.384.20308. Al procesar los datos POST del archivo /start_apply.htm, se presenta un problema de inyecci\u00f3n de comandos por medio de metacaracteres de shell en el par\u00e1metro fb_email. Al usar este problema, un atacante puede controlar el enrutador y conseguir la shell."}], "id": "CVE-2018-20334", "lastModified": "2020-03-23T21:59:04.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-20T01:15:22.357", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://starlabs.sg/advisories/18-20334/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}