CVE-2018-20334

Name of the Vulnerable Software and Affected Versions: ASUSWRT version 3.0.0.4.384.20308

Description: An issue was discovered in the processing of the "/start apply.htm" POST data, where a command injection issue exists via shell metacharacters in the fb email parameter. This allows an attacker to control the router and gain shell access.

Recommendations: For ASUSWRT version 3.0.0.4.384.20308, as a temporary workaround, consider restricting access to the "/start apply.htm" endpoint or avoiding the use of the fb email parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.