Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6000

CWE-862Missing AuthorizationCWE-20Improper Input Validation8 documents7 sources
Severity
9.8CRITICAL
EPSS
90.7%
top 0.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Asus Asuswrt
Timeline
PublishedJan 22
Latest updateMay 13

Description

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDasus/asuswrt< 3.0.0.4.384_10007

🔴Vulnerability Details

3
GHSA
GHSA-92f5-6w73-42pg: An issue was discovered in AsusWRT before 32022-05-13
CVEList
CVE-2018-6000: An issue was discovered in AsusWRT before 32018-01-22
VulnCheck
ASUS asuswrt Missing Authorization2018

💥Exploits & PoCs

2
Exploit-DB
AsusWRT LAN - Remote Code Execution (Metasploit)2018-02-26
Exploit-DB
AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code Execution2018-01-22

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability2018-10-17
CVE-2018-6000 (CRITICAL CVSS 9.8) | An issue was discovered in AsusWRT | cvebase.io