Details of VAR-201801-1394

ID

VAR-201801-1394

CVE

CVE-2018-6000

TITLE

AsusWRT Vulnerabilities in environment settings

Trust: 0.8

sources: JVNDB: JVNDB-2018-001661

DESCRIPTION

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999. AsusWRT Contains a vulnerability related to configuration settings.CVE-2018-5999 Information is obtained, information is tampered with, and service operation is disrupted by exploiting it together with vulnerabilities (DoS) There is a possibility of being put into a state. ASUS AsusWRT is a router operating system developed by ASUS. There is a security vulnerability in the 'do_vpnupload_post' function of the router/httpd/web.c file in the vpnupload.cgi file in ASUS AsusWRT versions earlier than 3.0.0.4.384_10007

Trust: 1.8

sources: NVD: CVE-2018-6000 // JVNDB: JVNDB-2018-001661 // VULHUB: VHN-136032 // VULMON: CVE-2018-6000

AFFECTED PRODUCTS

vendor:	asus	model:	asuswrt	scope:	lt	version:	3.0.0.4.384_10007	Trust: 1.0
vendor:	asustek computer	model:	asuswrt	scope:	lt	version:	3.0.0.4.384_10007	Trust: 0.8

sources: JVNDB: JVNDB-2018-001661 // NVD: CVE-2018-6000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6000
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-6000
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201801-851
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-136032
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-6000
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-6000
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-136032
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6000
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-136032 // VULMON: CVE-2018-6000 // JVNDB: JVNDB-2018-001661 // CNNVD: CNNVD-201801-851 // NVD: CVE-2018-6000

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-16	Trust: 0.9

sources: VULHUB: VHN-136032 // JVNDB: JVNDB-2018-001661 // NVD: CVE-2018-6000

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-851

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201801-851

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001661

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-136032 // VULMON: CVE-2018-6000

PATCH

title:	ASUSWRT	url:	https://www.asus.com/ASUSWRT/	Trust: 0.8
title:	ASUS AsusWRT Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78010	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/asus-patches-root-command-execution-flaws-haunting-over-a-dozen-router-models/129666/	Trust: 0.1

sources: VULMON: CVE-2018-6000 // JVNDB: JVNDB-2018-001661 // CNNVD: CNNVD-201801-851

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6000	Trust: 2.6
db:	EXPLOIT-DB	id:	43881	Trust: 1.8
db:	EXPLOIT-DB	id:	44176	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-001661	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-851	Trust: 0.7
db:	VULHUB	id:	VHN-136032	Trust: 0.1
db:	VULMON	id:	CVE-2018-6000	Trust: 0.1

sources: VULHUB: VHN-136032 // VULMON: CVE-2018-6000 // JVNDB: JVNDB-2018-001661 // CNNVD: CNNVD-201801-851 // NVD: CVE-2018-6000

REFERENCES

url:	https://blogs.securiteam.com/index.php/archives/3589	Trust: 2.6
url:	https://www.exploit-db.com/exploits/44176/	Trust: 1.9
url:	https://www.exploit-db.com/exploits/43881/	Trust: 1.8
url:	https://github.com/pedrib/poc/blob/master/advisories/asuswrt-lan-rce.txt	Trust: 1.8
url:	https://raw.githubusercontent.com/pedrib/poc/master/exploits/metasploit/asuswrt_lan_rce.rb	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6000	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6000	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/862.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/modules/exploit/linux/http/asuswrt_lan_rce	Trust: 0.1

sources: VULHUB: VHN-136032 // VULMON: CVE-2018-6000 // JVNDB: JVNDB-2018-001661 // CNNVD: CNNVD-201801-851 // NVD: CVE-2018-6000

SOURCES

db:	VULHUB	id:	VHN-136032
db:	VULMON	id:	CVE-2018-6000
db:	JVNDB	id:	JVNDB-2018-001661
db:	CNNVD	id:	CNNVD-201801-851
db:	NVD	id:	CVE-2018-6000

LAST UPDATE DATE

2024-08-14T14:26:54.129000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-136032	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-6000	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-001661	date:	2018-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201801-851	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-6000	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-136032	date:	2018-01-22T00:00:00
db:	VULMON	id:	CVE-2018-6000	date:	2018-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-001661	date:	2018-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201801-851	date:	2018-01-23T00:00:00
db:	NVD	id:	CVE-2018-6000	date:	2018-01-22T20:29:00.290