CVE-2018-14714
Published 2019-05-13
Priority: P271 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 27.41% (97.8th percentile)
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | rt-ac3200_firmware | — | — |
Detection & IOCs
command: hook=load_script
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ASUS RT-AC3200 Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714)"; flow:established,to_server; http.uri; content:"/appGet.cgi"; startswith; content:"hook|3d|load_script|28 22|"; fast_pattern; reference:url,blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8; reference:cve,2018-14714; classtype:web-application-attack; sid:2064929; rev:1; metadata:affected_product Asus, attack_target Networking_Equipment, created_at 2025_09_25, cve CVE_2018_14714, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_09_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
snort
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT ASUSWRT Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714)"; flow:established,to_server; http.uri; content:"appGet.cgi"; content:"hook=load_script"; fast_pattern; reference:cve,2018-14714; classtype:attempted-admin; sid:2063396; rev:1; metadata:attack_target Networking_Equipment, created_at 2025_07_10, cve CVE_2018_14714, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2025_07_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
bytes
hook|3d|load_script|28 22|
- Exploit requests target the URI path /appGet.cgi; match HTTP requests to this endpoint whose URI starts with /appGet.cgi and that are directed at networking equipment.
- The injection is delivered via the 'load_script' URL parameter in the hook query string; look for 'hook=load_script' in the HTTP URI on inbound traffic to $HOME_NET or $HTTP_SERVERS.
- Traffic direction is inbound (any -> $HOME_NET / $HTTP_SERVERS), flow established,to_server; focus detection on perimeter and internal network segments.
- The vulnerability is specific to ASUS RT-AC3200 firmware version 3.0.0.4.382.50010; detections are most relevant for environments with this device/firmware deployed.
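A log-hunting sketch of the URI matches described above, added here as an example and not part of the source page or the ET ruleset: it applies the content matches of sid 2064929 and sid 2063396 to request URIs pulled from web access log lines. The combined log format, the sample lines, the function names and the single percent-decoding pass are assumptions.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, placeholder argument).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:00:00:01 +0000] '
    '"GET /appGet.cgi?hook=load_script(%22PLACEHOLDER%22) HTTP/1.1" 200 12',
    '192.0.2.11 - - [01/Jan/2025:00:00:02 +0000] '
    '"GET /cgi/appGet.cgi?hook%3Dload_script HTTP/1.1" 404 0',
    '192.0.2.12 - - [01/Jan/2025:00:00:03 +0000] '
    '"GET /appGet.cgi?hook=other_hook() HTTP/1.1" 200 40',
    '192.0.2.13 - - [01/Jan/2025:00:00:04 +0000] "GET /index.asp HTTP/1.1" 200 900',
]

def match_rules(uri):
    """Return the SIDs whose URI content matches would fire on this URI."""
    # Assumption: decode once so percent-encoded bytes in raw logs still match.
    u = unquote(uri)
    sids = []
    # sid 2064929: "/appGet.cgi" at the start, then hook|3d|load_script|28 22|
    if u.startswith("/appGet.cgi") and 'hook=load_script("' in u:
        sids.append(2064929)
    # sid 2063396: "appGet.cgi" and "hook=load_script" anywhere in the URI
    if "appGet.cgi" in u and "hook=load_script" in u:
        sids.append(2063396)
    return sids

def hunt(lines):
    """Return (line_number, client_address, matching_sids) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST_RE.search(line)
        if request is None:
            continue  # not a parseable request line
        sids = match_rules(request.group(1))
        if sids:
            hits.append((number, line.split()[0], sids))
    return hits

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

A line that matches only sid 2063396 carries the hook name but not the `/appGet.cgi` prefix or the `("` bytes the narrower rule requires.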
CVSS provenance
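| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |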
Suricata
ET WEB_SPECIFIC_APPS ASUS RT-AC3200 Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714)
suricata·2025-09-25·CVSS 9.8
Suricata
ET EXPLOIT ASUSWRT Command Injection via load_script Hook in appGet.cgi (CVE-2018-14714)
suricata·2025-07-10·CVSS 9.8
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-05-13