E20-5l8a2
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
4
Year:
2018
Description
A command injection vulnerability exists in ASUSWRT firmware version 3.0.0.4.382.50624 and earlier. The flaw results from lack of user input validation for HTTP parameters on the appGet.cgi path. By sending a crafted hook parameter, a remote attacker may execute arbitrary OS commands as the root user.
CVE
References
MSB
BID
ExploitDB
Secunia
Security Tracker
Metasploit
ZDI
OSVDB
{}