PT-2018-17282 · Asus · Asuswrt

Pedro Ribeiro

Published

2018-01-22

Updated

2019-10-03

CVE-2018-5999

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: AsusWRT versions prior to 3.0.0.4.384 10007

Description: An issue was discovered where the handle request function in router/httpd/httpd.c continues processing of POST requests even if authentication fails.

Recommendations: For versions prior to 3.0.0.4.384 10007, update to version 3.0.0.4.384 10007 or later to resolve the issue. As a temporary workaround, consider restricting access to the handle request function in router/httpd/httpd.c until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-5999

Affected Products

Asuswrt

PT-2018-17282 · Asus · Asuswrt

CVE-2018-5999

Related Identifiers

Affected Products

References · 8