CRITICAL🇵🇱 Wersja polska

CVE-2018-5999

CVSS 9.8v3.0pub. 2018-01-22upd. 2024-11-21

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Asus Asuswrt

    OS
    Asus
    < 3.0.0.4.384_10007
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-26376CRITICAL9.8ten sam produkt

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_4...

CVE-2018-20334CRITICAL9.8ten sam produkt

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is...

CVE-2017-15655CRITICAL9.6ten sam produkt

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. Al...

CVE-2018-6000CRITICAL9.8ten sam produkt

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/we...

CVE-2018-20333HIGH7.5ten sam produkt

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp ...