Main
Vulnerability Database
Exploits
ID:6332 - Exploit for Security restrictions bypass in AsusWRT - CVE-2018-6000
ID:6332 - Exploit for Security restrictions bypass in AsusWRT - CVE-2018-6000
Published: June 17, 2021
Vulnerability identifier: #VU10256
Vulnerability risk: Low
CVE-ID: CVE-2018-6000
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
AsusWRT
AsusWRT
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi. A remote attacker can send a specially crafted HTTP POST request and bypass security restrictions, set the admin password and launch an SSH daemon.
The weakness exists due to a flaw in the do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi. A remote attacker can send a specially crafted HTTP POST request and bypass security restrictions, set the admin password and launch an SSH daemon.
Remediation
Update to version 3.0.0.4.384_10007 or later.