Details of VAR-201804-1564

ID

VAR-201804-1564

CVE

CVE-2018-8826

TITLE

plural ASUS Vulnerability related to input validation in router product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-004414

DESCRIPTION

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. plural ASUS Router product firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSRT-AC51U and others are router products of ASUS. There are security vulnerabilities in several ASUS products. A remote attacker can exploit this vulnerability to execute arbitrary code. The following products are affected: ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, RT-N12 D1 (using firmware earlier than 3.0.0.4.380.8228); RT-AC52U B1, RT-AC1200 , RT-N600 (use the previous version 3.0.0.4.380.10446 firmware); RT-AC55U, RT-AC55UHP (use the previous version 3.0.0.4.382.50276 firmware); RT-AC86U, RT-AC2900 (use the previous version 3.0. version 0.4.384.20648 firmware)

Trust: 2.25

sources: NVD: CVE-2018-8826 // JVNDB: JVNDB-2018-004414 // CNVD: CNVD-2018-09806 // VULHUB: VHN-138858

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-09806

AFFECTED PRODUCTS

vendor:	asus	model:	rt-ac1200	scope:	eq	version:	3.0.0.4.380.10446	Trust: 1.6
vendor:	asus	model:	rt-ac55u	scope:	eq	version:	3.0.0.4.382.50276	Trust: 1.6
vendor:	asus	model:	rt-ac1750	scope:	eq	version:	3.0.0.4.380.8228	Trust: 1.6
vendor:	asus	model:	rt-n12 d1	scope:	eq	version:	3.0.0.4.380.8228	Trust: 1.6
vendor:	asus	model:	rt-n600	scope:	eq	version:	3.0.0.4.380.10446	Trust: 1.6
vendor:	asus	model:	rt-ac86u	scope:	eq	version:	3.0.0.4.384.20648	Trust: 1.6
vendor:	asus	model:	rt-ac2900	scope:	eq	version:	3.0.0.4.384.20648	Trust: 1.6
vendor:	asus	model:	rt-ac52u b1	scope:	eq	version:	3.0.0.4.380.10446	Trust: 1.6
vendor:	asus	model:	rt-ac55uhp	scope:	eq	version:	3.0.0.4.382.50276	Trust: 1.6
vendor:	asus	model:	rt-acrh13	scope:	eq	version:	3.0.0.4.380.8228	Trust: 1.6
vendor:	asus	model:	rt-ac66u	scope:	eq	version:	3.0.0.4.380.8228	Trust: 1.0
vendor:	asus	model:	rt-ac51u	scope:	eq	version:	3.0.0.4.380.8228	Trust: 1.0
vendor:	asus	model:	rt-ac58u	scope:	eq	version:	3.0.0.4.380.8228	Trust: 1.0
vendor:	asustek computer	model:	rt-ac1200	scope:	lt	version:	3.0.0.4.380.10446	Trust: 0.8
vendor:	asustek computer	model:	rt-ac1750	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.8
vendor:	asustek computer	model:	rt-ac2900	scope:	lt	version:	3.0.0.4.384.20648	Trust: 0.8
vendor:	asustek computer	model:	rt-ac51u	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.8
vendor:	asustek computer	model:	rt-ac52u b1	scope:	lt	version:	3.0.0.4.380.10446	Trust: 0.8
vendor:	asustek computer	model:	rt-ac55u	scope:	lt	version:	3.0.0.4.382.50276	Trust: 0.8
vendor:	asustek computer	model:	rt-ac55uhp	scope:	lt	version:	3.0.0.4.382.50276	Trust: 0.8
vendor:	asustek computer	model:	rt-ac58u	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.8
vendor:	asustek computer	model:	rt-ac66u	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.8
vendor:	asustek computer	model:	rt-ac86u	scope:	lt	version:	3.0.0.4.384.20648	Trust: 0.8
vendor:	asustek computer	model:	rt-acrh13	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.8
vendor:	asustek computer	model:	rt-n12 d1	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.8
vendor:	asustek computer	model:	rt-n600	scope:	lt	version:	3.0.0.4.380.10446	Trust: 0.8
vendor:	asus	model:	rt-ac1750	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.6
vendor:	asus	model:	rt-n12 d1	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.6
vendor:	asus	model:	rt-acrh13	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.6
vendor:	asus	model:	rt-ac66u	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.6
vendor:	asus	model:	rt-ac58u	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.6
vendor:	asus	model:	rt-ac51u	scope:	lt	version:	3.0.0.4.380.8228	Trust: 0.6
vendor:	asus	model:	rt-ac52u b1	scope:	lt	version:	3.0.0.4.380.10446	Trust: 0.6
vendor:	asus	model:	rt-ac1200	scope:	lt	version:	3.0.0.4.380.10446	Trust: 0.6
vendor:	asus	model:	rt-n600	scope:	lt	version:	3.0.0.4.380.10446	Trust: 0.6
vendor:	asus	model:	rt-ac55u	scope:	lt	version:	3.0.0.4.382.50276	Trust: 0.6
vendor:	asus	model:	rt-ac55uhp	scope:	lt	version:	3.0.0.4.382.50276	Trust: 0.6
vendor:	asus	model:	rt-ac2900	scope:	lt	version:	3.0.0.4.384.20648	Trust: 0.6
vendor:	asus	model:	rt-ac86u	scope:	lt	version:	3.0.0.4.384.20648	Trust: 0.6

sources: CNVD: CNVD-2018-09806 // JVNDB: JVNDB-2018-004414 // CNNVD: CNNVD-201804-1316 // NVD: CVE-2018-8826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8826
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-8826
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-09806
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201804-1316
value:	HIGH
Trust: 0.6
VULHUB:	VHN-138858
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-8826
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-09806
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-138858
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8826
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-09806 // VULHUB: VHN-138858 // JVNDB: JVNDB-2018-004414 // CNNVD: CNNVD-201804-1316 // NVD: CVE-2018-8826

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-138858 // JVNDB: JVNDB-2018-004414 // NVD: CVE-2018-8826

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1316

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201804-1316

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004414

PATCH

title:	RT-AC55U	url:	https://www.asus.com/us/supportonly/RT-AC55U/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC1200	url:	https://www.asus.com/us/Networking/RT-AC1200/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC55UHP	url:	https://www.asus.com/us/supportonly/RT-AC55UHP/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC1750	url:	https://www.asus.com/us/Networking/RT-AC1750/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC66U	url:	https://www.asus.com/us/Networking/RTAC66U/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC86U	url:	https://www.asus.com/us/Networking/RT-AC86U/HelpDesk_BIOS/	Trust: 0.8
title:	RT-ACRH13	url:	https://www.asus.com/us/Networking/RT-ACRH13/HelpDesk_BIOS/	Trust: 0.8
title:	RT-N600	url:	https://www.asus.com/ca-en/Networking/RT-N600/HelpDesk_Download/	Trust: 0.8
title:	RT-N12_D1	url:	https://www.asus.com/us/Networking/RTN12_D1/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC2900	url:	https://www.asus.com/Networking/RT-AC2900/HelpDesk_BIOS/	Trust: 0.8
title:	RT-N66W	url:	https://www.asus.com/us/Networking/RTN66W/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC52U-B1	url:	https://www.asus.com/Networking/RT-AC52U-B1/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC51U	url:	https://www.asus.com/us/supportonly/RT-AC51U/HelpDesk_BIOS/	Trust: 0.8
title:	RT-AC58U	url:	https://www.asus.com/sg/Networking/RT-AC58U/HelpDesk_BIOS/	Trust: 0.8
title:	Patches for arbitrary code execution vulnerabilities for multiple ASUS products	url:	https://www.cnvd.org.cn/patchInfo/show/129599	Trust: 0.6
title:	Multiple ASUS Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79610	Trust: 0.6

sources: CNVD: CNVD-2018-09806 // JVNDB: JVNDB-2018-004414 // CNNVD: CNNVD-201804-1316

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8826	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-004414	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1316	Trust: 0.7
db:	CNVD	id:	CNVD-2018-09806	Trust: 0.6
db:	VULHUB	id:	VHN-138858	Trust: 0.1

sources: CNVD: CNVD-2018-09806 // VULHUB: VHN-138858 // JVNDB: JVNDB-2018-004414 // CNNVD: CNNVD-201804-1316 // NVD: CVE-2018-8826

REFERENCES

url:	https://www.asus.com/networking/rt-ac2900/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/networking/rt-ac52u-b1/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/ca-en/networking/rt-n600/helpdesk_download/	Trust: 1.7
url:	https://www.asus.com/sg/networking/rt-ac58u/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/networking/rt-ac1200/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/networking/rt-ac1750/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/networking/rt-ac86u/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/networking/rt-acrh13/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/networking/rtac66u/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/networking/rtn12_d1/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/networking/rtn66w/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/supportonly/rt-ac51u/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/supportonly/rt-ac55u/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/us/supportonly/rt-ac55uhp/helpdesk_bios/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8826	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8826	Trust: 0.8

sources: CNVD: CNVD-2018-09806 // VULHUB: VHN-138858 // JVNDB: JVNDB-2018-004414 // CNNVD: CNNVD-201804-1316 // NVD: CVE-2018-8826

SOURCES

db:	CNVD	id:	CNVD-2018-09806
db:	VULHUB	id:	VHN-138858
db:	JVNDB	id:	JVNDB-2018-004414
db:	CNNVD	id:	CNNVD-201804-1316
db:	NVD	id:	CVE-2018-8826

LAST UPDATE DATE

2024-11-23T22:41:51.846000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-09806	date:	2018-05-18T00:00:00
db:	VULHUB	id:	VHN-138858	date:	2018-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-004414	date:	2018-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201804-1316	date:	2018-04-23T00:00:00
db:	NVD	id:	CVE-2018-8826	date:	2024-11-21T04:14:23.937

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-09806	date:	2018-05-18T00:00:00
db:	VULHUB	id:	VHN-138858	date:	2018-04-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-004414	date:	2018-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201804-1316	date:	2018-04-23T00:00:00
db:	NVD	id:	CVE-2018-8826	date:	2018-04-20T20:29:00.583