Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款ASUS产品操作系统命令注入漏洞
Vulnerability Description
ASUS RT-AC66U等都是华硕(ASUS)公司的无线路由器产品。 多款ASUS设备上的/apply.cgi文件中的Main_Analysis_Content.asp中存在操作系统命令注入漏洞。攻击者可借助System Cmd变量的percent和desktOP字段利用该漏洞注入并以更高权限执行操作系统命令。以下产品和版本受到影响:ASUS RT-AC66U;RT-AC68U;RT-AC86U;RT-AC88U;RT-AC1900;RT-AC2900;RT-AC3100设备3.0.0.4.384_10
CVSS Information
N/A
Vulnerability Type
N/A