RCE in Asus Rt-ac68u
CVE-2013-5948
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Tar…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.438 (97.6th percentile) — read the EPSS interpretation.
Affected products
- Asus Rt-ac68u
- Asus Rt-ac68u_firmware — versions 3.0.0.4.374.4755, 3.0.0.4.374_4561, 3.0.0.4.374_4887
- T-mobile Tm-ac1900 — versions 3.0.0.4.376_3169
- N/a — versions n/a
Weakness classification (CWE)
References
- 20140404 Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- 20140404 Re: Remote Command Execution within the ASUS RT-AC68U Managing Web Interface (mailing-list, Exploit, x_refsource_FULLDISC)