Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-5948

CWE-78 — OS Command Injection5 documents5 sources

Severity

8.5HIGH

EPSS

43.7%

top 2.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Asus Rt-ac68u Firmware T-mobile Tm-ac1900

Timeline

PublishedApr 22

Latest updateMay 17

Description

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

▶NVDasus/rt-ac68u_firmware3.0.0.4.374.4755, 3.0.0.4.374_4561, 3.0.0.4.374_4887+2

▶NVDt-mobile/tm-ac19003.0.0.4.376_3169

🔴Vulnerability Details

GHSA

GHSA-v58v-p24g-62g2: The Network Analysis tab (Main_Analysis_Content↗2022-05-17

▶

CVEList

CVE-2013-5948: The Network Analysis tab (Main_Analysis_Content↗2014-04-21

▶

VulnCheck

t-mobile tm-ac1900 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2013

▶

💥Exploits & PoCs

Exploit-DB

Asus RT56U 3.0.0.4.360 - Remote Command Injection↗2013-06-07

▶