PT-2018-17283 · Asus · Asuswrt
Pedro Ribeiro · Published 2018-01-22 · Updated 2019-10-03 · CVE-2018-6000
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AsusWRT versions prior to 3.0.0.4.384_10007
Description: An issue was discovered that allows an unauthenticated attacker to set the admin password and launch an SSH daemon, or enable infosvr command mode, via a crafted request to the do_vpnupload_post function in vpnupload.cgi. This provides a means for unauthenticated attackers to obtain remote administrative access to the router.
Recommendations: For versions prior to 3.0.0.4.384_10007, update to version 3.0.0.4.384_10007 or later to resolve the issue. As a temporary workaround, restrict access to the vpnupload.cgi endpoint to minimize the risk of exploitation.

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2018-6000

Affected Products: Asuswrt