Sign-up

ID

VAR-201905-0804


CVE

CVE-2018-14712


TITLE

ASUS RT-AC3200 Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015413 // CNNVD: CNNVD-201905-290

DESCRIPTION

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. ASUS RT-AC3200 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.71

sources: NVD: CVE-2018-14712 // JVNDB: JVNDB-2018-015413 // VULHUB: VHN-124899

AFFECTED PRODUCTS

vendor:asusmodel:rt-ac3200scope:eqversion:3.0.0.4.382.50010

Trust: 1.0

vendor:asustek computermodel:rt-ac3200scope:eqversion:3.0.0.4.382.50010

Trust: 0.8

sources: JVNDB: JVNDB-2018-015413 // NVD: CVE-2018-14712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14712
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-14712
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-290
value: MEDIUM

Trust: 0.6

VULHUB: VHN-124899
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14712
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-124899
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14712
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-124899 // JVNDB: JVNDB-2018-015413 // CNNVD: CNNVD-201905-290 // NVD: CVE-2018-14712

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-124899 // JVNDB: JVNDB-2018-015413 // NVD: CVE-2018-14712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-290

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-290

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015413

PATCH
title:Top Pageurl:https://www.asustor.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015413

EXTERNAL IDS
db:NVDid:CVE-2018-14712
Trust: 2.5
db:JVNDBid:JVNDB-2018-015413
Trust: 0.8
db:CNNVDid:CNNVD-201905-290
Trust: 0.7
db:VULHUBid:VHN-124899
Trust: 0.1
sources:
            
            
            VULHUB: VHN-124899 // 
            
            
            
            JVNDB: JVNDB-2018-015413 // 
            
            
            
            CNNVD: CNNVD-201905-290 // 
            
            
            
            NVD: CVE-2018-14712

REFERENCES
url:https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-14712
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14712
Trust: 0.8
sources:
            
            
            VULHUB: VHN-124899 // 
            
            
            
            JVNDB: JVNDB-2018-015413 // 
            
            
            
            CNNVD: CNNVD-201905-290 // 
            
            
            
            NVD: CVE-2018-14712

SOURCES
db:VULHUBid:VHN-124899
db:JVNDBid:JVNDB-2018-015413
db:CNNVDid:CNNVD-201905-290
db:NVDid:CVE-2018-14712

LAST UPDATE DATE
2024-11-23T21:37:17.958000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-124899date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2018-015413date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-290date:2019-05-16T00:00:00
db:NVDid:CVE-2018-14712date:2024-11-21T03:49:38.760

SOURCES RELEASE DATE
db:VULHUBid:VHN-124899date:2019-05-13T00:00:00
db:JVNDBid:JVNDB-2018-015413date:2019-06-04T00:00:00
db:CNNVDid:CNNVD-201905-290date:2019-05-13T00:00:00
db:NVDid:CVE-2018-14712date:2019-05-13T13:29:01.073