CVE-2018-9285

Summary

CVE	CVE-2018-9285
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-04-04 19:29:00 UTC
Updated	2020-11-13 18:15:00 UTC
Description	Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.

Risk And Classification

Problem Types: CWE-78

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Asus	Rt-ac1900	-	All	All	All
Hardware	Asus	Rt-ac1900	-	All	All	All
Operating System	Asus	Rt-ac1900 Firmware	All	All	All	All
Operating System	Asus	Rt-ac1900 Firmware	All	All	All	All
Hardware	Asus	Rt-ac2900	-	All	All	All
Hardware	Asus	Rt-ac2900	-	All	All	All
Operating System	Asus	Rt-ac2900 Firmware	All	All	All	All
Operating System	Asus	Rt-ac2900 Firmware	All	All	All	All
Hardware	Asus	Rt-ac3100	-	All	All	All
Hardware	Asus	Rt-ac3100	-	All	All	All
Operating System	Asus	Rt-ac3100 Firmware	All	All	All	All
Operating System	Asus	Rt-ac3100 Firmware	All	All	All	All
Hardware	Asus	Rt-ac3200	-	All	All	All
Hardware	Asus	Rt-ac3200	-	All	All	All
Operating System	Asus	Rt-ac3200 Firmware	All	All	All	All
Operating System	Asus	Rt-ac3200 Firmware	All	All	All	All
Hardware	Asus	Rt-ac5300	-	All	All	All
Hardware	Asus	Rt-ac5300	-	All	All	All
Operating System	Asus	Rt-ac5300 Firmware	All	All	All	All
Operating System	Asus	Rt-ac5300 Firmware	All	All	All	All
Hardware	Asus	Rt-ac66u	-	All	All	All
Hardware	Asus	Rt-ac66u	-	All	All	All
Operating System	Asus	Rt-ac66u Firmware	All	All	All	All
Operating System	Asus	Rt-ac66u Firmware	All	All	All	All
Hardware	Asus	Rt-ac68u	-	All	All	All
Hardware	Asus	Rt-ac68u	-	All	All	All
Operating System	Asus	Rt-ac68u Firmware	All	All	All	All
Operating System	Asus	Rt-ac68u Firmware	All	All	All	All
Hardware	Asus	Rt-ac86u	-	All	All	All
Hardware	Asus	Rt-ac86u	-	All	All	All
Operating System	Asus	Rt-ac86u Firmware	All	All	All	All
Operating System	Asus	Rt-ac86u Firmware	All	All	All	All
Hardware	Asus	Rt-ac87u	-	All	All	All
Hardware	Asus	Rt-ac87u	-	All	All	All
Operating System	Asus	Rt-ac87u Firmware	All	All	All	All
Operating System	Asus	Rt-ac87u Firmware	All	All	All	All
Hardware	Asus	Rt-ac88u	-	All	All	All
Hardware	Asus	Rt-ac88u	-	All	All	All
Operating System	Asus	Rt-ac88u Firmware	All	All	All	All
Operating System	Asus	Rt-ac88u Firmware	All	All	All	All
Hardware	Asus	Rt-n18u	-	All	All	All
Hardware	Asus	Rt-n18u	-	All	All	All
Operating System	Asus	Rt-n18u Firmware	All	All	All	All
Operating System	Asus	Rt-n18u Firmware	All	All	All	All

References

Reference	Source	Link	Tags
FortiGuard Labs Discovers Vulnerability in Asus Router	MISC	www.fortinet.com	Third Party Advisory
ASUS TM-AC1900 Arbitrary Command Execution ≈ Packet Storm	MISC	packetstormsecurity.com
Fortinet Discovers Asus Routers Remote Code Execution Vulnerability \| FortiGuard	MISC	fortiguard.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.