cbcvebase.
CVE-2018-14714
published 2019-05-13

CVE-2018-14714: System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL…

PriorityP271critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
27.41%
97.8th percentile
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
asusrt-ac3200_firmware

Detection & IOCsextracted from sources · hover to see the quote

path/appGet.cgi
commandhook=load_script
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ASUS RT-AC3200 Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714)"; flow:established,to_server; http.uri; content:"/appGet.cgi"; startswith; content:"hook|3d|load_script|28 22|"; fast_pattern; reference:url,blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8; reference:cve,2018-14714; classtype:web-application-attack; sid:2064929; rev:1; metadata:affected_product Asus, attack_target Networking_Equipment, created_at 2025_09_25, cve CVE_2018_14714, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_09_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
snort
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT ASUSWRT Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714)"; flow:established,to_server; http.uri; content:"appGet.cgi"; content:"hook=load_script"; fast_pattern; reference:cve,2018-14714; classtype:attempted-admin; sid:2063396; rev:1; metadata:attack_target Networking_Equipment, created_at 2025_07_10, cve CVE_2018_14714, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2025_07_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
bytes
hook|3d|load_script|28 22|
  • Exploit requests target the URI path /appGet.cgi; match HTTP requests to this endpoint starting with /appGet.cgi directed at networking equipment.
  • The injection is delivered via the 'load_script' URL parameter in the hook query string; look for 'hook=load_script' in HTTP URI on inbound traffic to $HOME_NET or $HTTP_SERVERS.
  • Traffic direction is inbound (any -> $HOME_NET / $HTTP_SERVERS), flow established,to_server — focus detection on perimeter and internal network segments.
  • ·Vulnerability is specific to ASUS RT-AC3200 firmware version 3.0.0.4.382.50010; detections are most relevant for environments with this device/firmware deployed.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.