CVE-2018-5999

CVE: CVE-2018-5999
Published: 2018-01-22T20:29Z
Description Language: en
Description: An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
References:

SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution


https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt
https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb
https://www.exploit-db.com/exploits/43881/
https://www.exploit-db.com/exploits/44176/