Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-5999

5 documents4 sources
Severity
9.8CRITICAL
EPSS
90.8%
top 0.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Asus Asuswrt
Timeline
PublishedJan 22
Latest updateMay 13

Description

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDasus/asuswrt< 3.0.0.4.384_10007

🔴Vulnerability Details

2
GHSA
GHSA-8pph-m89g-pffm: An issue was discovered in AsusWRT before 32022-05-13
CVEList
CVE-2018-5999: An issue was discovered in AsusWRT before 32018-01-22

💥Exploits & PoCs

2
Exploit-DB
AsusWRT LAN - Remote Code Execution (Metasploit)2018-02-26
Exploit-DB
AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code Execution2018-01-22
CVE-2018-5999 (CRITICAL CVSS 9.8) | An issue was discovered in AsusWRT | cvebase.io