CVE-2018-8878

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.5%

top 34.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Asus Firmware Asuswrt-merlin Asuswrt-merlin

Timeline

PublishedFeb 27

Latest updateMay 24

Description

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDasus/asus_firmware< 3.0.0.4.382.50470

▶NVDasuswrt-merlin/asuswrt-merlin< 384.4

🔴Vulnerability Details

GHSA

GHSA-33c5-xpjg-3vv5: Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384↗2022-05-24

▶

CVEList

CVE-2018-8878: Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384↗2020-02-27

▶