Vulnerability Name:

CVE-2018-8826 (CCN-142190)

Assigned:2018-04-12
Published:2018-04-12
Updated:2018-05-24
Summary:ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2018-8826

Source: XF
Type: UNKNOWN
asus-cve20188826-code-exec(142190)

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/ca-en/Networking/RT-N600/HelpDesk_Download/

Source: CCN
Type: ASUS Web site
RT-AC2900

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/Networking/RT-AC2900/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/Networking/RT-AC52U-B1/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/sg/Networking/RT-AC58U/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/Networking/RT-AC1200/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/Networking/RT-AC1750/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/Networking/RT-AC86U/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/Networking/RT-ACRH13/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/Networking/RTAC66U/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/Networking/RTN12_D1/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/Networking/RTN66W/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/supportonly/RT-AC51U/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/supportonly/RT-AC55U/HelpDesk_BIOS/

Source: CONFIRM
Type: Vendor Advisory
https://www.asus.com/us/supportonly/RT-AC55UHP/HelpDesk_BIOS/

Vulnerable Configuration:Configuration 1:
  • cpe:/o:asus:rt-ac51u_firmware:3.0.0.4.380.8228:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac51u:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:asus:rt-ac58u_firmware:3.0.0.4.380.8228:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac58U:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.380.8228:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac66u:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:asus:rt-ac1750_firmware:3.0.0.4.380.8228:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac1750:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:asus:rt-n12_d1_firmware:3.0.0.4.380.8228:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-n12_d1:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:asus:rt-ac52u_b1_firmware:3.0.0.4.380.10446:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac52u_b1:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:asus:rt-ac1200_firmware:3.0.0.4.380.10446:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac1200:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:asus:rt-n600_firmware:3.0.0.4.380.10446:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-n600:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:asus:rt-ac55u_firmware:3.0.0.4.382.50276:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac55u:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:asus:rt-ac55uhp_firmware:3.0.0.4.382.50276:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac55uhp:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:asus:rt-ac86u_firmware:3.0.0.4.384.20648:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac86u:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:asus:rt-acrh13_firmware:3.0.0.4.380.8228:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-acrh13:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:asus:rt-ac2900_firmware:3.0.0.4.384.20648:*:*:*:*:*:*:*
  • AND
  • cpe:/h:asus:rt-ac2900:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:asus:rt-ac66u:*:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac51u:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac55u:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac1200:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac1750:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-n600:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac58U:*:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac86u:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac2900:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-acrh13:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-n12_d1:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac52u_b1:-:*:*:*:*:*:*:*
  • OR cpe:/h:asus:rt-ac55uhp:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    asus rt-ac51u firmware 3.0.0.4.380.8228
    asus rt-ac51u -
    asus rt-ac58u firmware 3.0.0.4.380.8228
    asus rt-ac58U -
    asus rt-ac66u firmware 3.0.0.4.380.8228
    asus rt-ac66u -
    asus rt-ac1750 firmware 3.0.0.4.380.8228
    asus rt-ac1750 -
    asus rt-n12 d1 firmware 3.0.0.4.380.8228
    asus rt-n12 d1 -
    asus rt-ac52u b1 firmware 3.0.0.4.380.10446
    asus rt-ac52u b1 -
    asus rt-ac1200 firmware 3.0.0.4.380.10446
    asus rt-ac1200 -
    asus rt-n600 firmware 3.0.0.4.380.10446
    asus rt-n600 -
    asus rt-ac55u firmware 3.0.0.4.382.50276
    asus rt-ac55u -
    asus rt-ac55uhp firmware 3.0.0.4.382.50276
    asus rt-ac55uhp -
    asus rt-ac86u firmware 3.0.0.4.384.20648
    asus rt-ac86u -
    asus rt-acrh13 firmware 3.0.0.4.380.8228
    asus rt-acrh13 -
    asus rt-ac2900 firmware 3.0.0.4.384.20648
    asus rt-ac2900 -
    asus rt-ac66u *
    asus rt-ac51u -
    asus rt-ac55u -
    asus rt-ac1200 -
    asus rt-ac1750 -
    asus rt-n600 -
    asus rt-ac58U *
    asus rt-ac86u -
    asus rt-ac2900 -
    asus rt-acrh13 -
    asus rt-n12 d1 -
    asus rt-ac52u b1 -
    asus rt-ac55uhp -