PT-2019-9049 · Asus · Asus Rt-Ac3200
Published
2019-05-13
·
Updated
2024-09-05
·
CVE-2018-14714
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ASUS RT-AC3200 version 3.0.0.4.382.50010
Description
The issue allows attackers to execute system commands via the "load script" URL parameter in the appGet.cgi file. This can be exploited by sending a malicious request to the "/appGet.cgi" endpoint with a crafted
load script parameter.Recommendations
For version 3.0.0.4.382.50010, avoid using the
load script parameter in the appGet.cgi file until a patch is available. As a temporary workaround, consider restricting access to the appGet.cgi file to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Asus Rt-Ac3200