CVE-2018-6000
CVE-2018-6000
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 84.2%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
22 Jan 2018Metasploit module available
22 Jan 2018Public PoC
22 Jan 2018Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencewww.exploit-db.com/exploits/43881/unverifiedcve_referencewww.exploit-db.com/exploits/44176/unverifiedexploitdbwww.exploit-db.com/exploits/44176unverifiedexploitdbwww.exploit-db.com/exploits/43881unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://blogs.securiteam.com/index.php/archives/3589https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txthttps://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rbhttps://www.exploit-db.com/exploits/43881/https://www.exploit-db.com/exploits/44176/