Vulnerability Description
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| T-Mobile | Tm-Ac1900 | 3.0.0.4.376_3169 |
| Asus | Rt-Ac68U Firmware | 3.0.0.4.374.4755 |
| Asus | Rt-Ac68U | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Apr/59
- http://seclists.org/fulldisclosure/2014/Apr/66Exploit
- http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
- https://support.t-mobile.com/docs/DOC-21994
- http://seclists.org/fulldisclosure/2014/Apr/59
- http://seclists.org/fulldisclosure/2014/Apr/66Exploit
- http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
- https://support.t-mobile.com/docs/DOC-21994
FAQ
What is CVE-2013-5948?
CVE-2013-5948 is a vulnerability with a CVSS score of 8.5 (HIGH). The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary comma...
How severe is CVE-2013-5948?
CVE-2013-5948 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5948?
Check the references section above for vendor advisories and patch information. Affected products include: T-Mobile Tm-Ac1900, Asus Rt-Ac68U Firmware, Asus Rt-Ac68U.