Showing 1 - 1 of 1

CVE-2018-9285

Status Candidate

Overview

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.

Related Files

ASUS TM-AC1900 Arbitrary Command Execution: Posted Nov 13, 2020; Authored by b1ack0wl | Site metasploit.com; This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for CVE-2018-9285.; tags | exploit, web, cgi, code execution; advisories | CVE-2018-9285; SHA-256 | ffe065bd21f5291ffd2dce01466f14f19a9e8833bf6d4dc92c47a3e0d3858343; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 274 files
indoushka 182 files
Ubuntu 100 files
Gentoo 32 files
Debian 16 files
malvuln 13 files
Frederik Beimgraben 11 files
Chris Beiter 11 files
Matthias Deeg 11 files
Apple 10 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,130)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,410)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,894)
UNIX (9,463)
UnixWare (188)
Windows (6,782)
Other

CVE-2018-9285

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems