CVE-2018-9285 — CRITICAL (9.8)

Q: How severe is CVE-2018-9285?

CVE-2018-9285 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-9285?

Check the references section above for vendor advisories and patch information. Affected products include: Asus Rt-Ac66U Firmware, Asus Rt-Ac66U, Asus Rt-Ac68U Firmware, Asus Rt-Ac68U, Asus Rt-Ac86U Firmware.

Vulnerability Description

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Asus	Rt-Ac66U Firmware	< 3.0.0.4.384.10007
Asus	Rt-Ac66U	-
Asus	Rt-Ac68U Firmware	< 3.0.0.4.384.10007
Asus	Rt-Ac68U	-
Asus	Rt-Ac86U Firmware	< 3.0.0.4.384.10007
Asus	Rt-Ac86U	-
Asus	Rt-Ac88U Firmware	< 3.0.0.4.384.10007
Asus	Rt-Ac88U	-
Asus	Rt-Ac1900 Firmware	< 3.0.0.4.384.10007
Asus	Rt-Ac1900	-
Asus	Rt-Ac2900 Firmware	< 3.0.0.4.384.10007
Asus	Rt-Ac2900	-
Asus	Rt-Ac3100 Firmware	< 3.0.0.4.384.10007
Asus	Rt-Ac3100	-
Asus	Rt-N18U Firmware	< 3.0.0.4.382.39935
Asus	Rt-N18U	-
Asus	Rt-Ac87U Firmware	< 3.0.0.4.382.50010
Asus	Rt-Ac87U	-
Asus	Rt-Ac3200 Firmware	< 3.0.0.4.382.50010
Asus	Rt-Ac3200	-

Related Weaknesses (CWE)

CWE-78

References

http://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Exe
https://fortiguard.com/zeroday/FG-VD-17-216Third Party Advisory
https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerabThird Party Advisory
http://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Exe
https://fortiguard.com/zeroday/FG-VD-17-216Third Party Advisory
https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerabThird Party Advisory

FAQ

What is CVE-2018-9285?

CVE-2018-9285 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; ...

How severe is CVE-2018-9285?

CVE-2018-9285 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-9285?

Check the references section above for vendor advisories and patch information. Affected products include: Asus Rt-Ac66U Firmware, Asus Rt-Ac66U, Asus Rt-Ac68U Firmware, Asus Rt-Ac68U, Asus Rt-Ac86U Firmware.