ID

VAR-201905-0806


CVE

CVE-2018-14714


TITLE

ASUS RT-AC3200 Command injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015415 // CNNVD: CNNVD-201905-292

DESCRIPTION

System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter. ASUS RT-AC3200 contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. This vulnerability stems from the network system or product failing to correctly filter special elements when constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands.

Trust: 1.8

sources: NVD: CVE-2018-14714 // JVNDB: JVNDB-2018-015415 // VULHUB: VHN-124901 // VULMON: CVE-2018-14714

AFFECTED PRODUCTS

vendor: asus, model: rt-ac3200, scope: eq, version: 3.0.0.4.382.50010

Trust: 1.0

vendor: asustek computer, model: rt-ac3200, scope: eq, version: 3.0.0.4.382.50010

Trust: 0.8

sources: JVNDB: JVNDB-2018-015415 // NVD: CVE-2018-14714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14714
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14714
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-292
value: CRITICAL

Trust: 0.6

VULHUB: VHN-124901
value: HIGH

Trust: 0.1

VULMON: CVE-2018-14714
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14714
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-124901
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14714
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-124901 // VULMON: CVE-2018-14714 // JVNDB: JVNDB-2018-015415 // CNNVD: CNNVD-201905-292 // NVD: CVE-2018-14714

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-77

Trust: 0.9

sources: VULHUB: VHN-124901 // JVNDB: JVNDB-2018-015415 // NVD: CVE-2018-14714

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-292

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-292

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015415

PATCH

title: Top Page, url: https://www.asustor.com/

Trust: 0.8

title: CVE-2018-14714-POC, url: https://github.com/tin-z/CVE-2018-14714-POC

Trust: 0.1

title: CVE-POC, url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2018-14714 // JVNDB: JVNDB-2018-015415

EXTERNAL IDS

db: NVD, id: CVE-2018-14714

Trust: 2.6

db: JVNDB, id: JVNDB-2018-015415

Trust: 0.8

db: CNNVD, id: CNNVD-201905-292

Trust: 0.7

db: VULHUB, id: VHN-124901

Trust: 0.1

db: VULMON, id: CVE-2018-14714

Trust: 0.1

sources: VULHUB: VHN-124901 // VULMON: CVE-2018-14714 // JVNDB: JVNDB-2018-015415 // CNNVD: CNNVD-201905-292 // NVD: CVE-2018-14714

REFERENCES

url:https://blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-14714

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14714

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/tin-z/cve-2018-14714-poc

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-124901 // VULMON: CVE-2018-14714 // JVNDB: JVNDB-2018-015415 // CNNVD: CNNVD-201905-292 // NVD: CVE-2018-14714

SOURCES

db: VULHUB, id: VHN-124901
db: VULMON, id: CVE-2018-14714
db: JVNDB, id: JVNDB-2018-015415
db: CNNVD, id: CNNVD-201905-292
db: NVD, id: CVE-2018-14714

LAST UPDATE DATE

2024-11-23T22:55:32.950000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-124901, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2018-14714, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-015415, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-292, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-14714, date: 2024-11-21T03:49:39.180

SOURCES RELEASE DATE

db: VULHUB, id: VHN-124901, date: 2019-05-13T00:00:00
db: VULMON, id: CVE-2018-14714, date: 2019-05-13T00:00:00
db: JVNDB, id: JVNDB-2018-015415, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-292, date: 2019-05-13T00:00:00
db: NVD, id: CVE-2018-14714, date: 2019-05-13T13:29:01.197