CVE-2013-5948

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).

Published: Apr 22, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-5948
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
t-mobile / tm-ac1900	3.0.0.4.376_3169	3.0.0.4.376_3169.x
asus / rt-ac68u_firmware	3.0.0.4.374.4755	3.0.0.4.374.4755.x
asus / rt-ac68u_firmware	3.0.0.4.374_4561	3.0.0.4.374_4561.x
asus / rt-ac68u_firmware	3.0.0.4.374_4887	3.0.0.4.374_4887.x

http://seclists.org/fulldisclosure/2014/Apr/59
http://seclists.org/fulldisclosure/2014/Apr/66
http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
https://support.t-mobile.com/docs/DOC-21994

Vulnerability Database

289,697

CVE-2013-5948