Command Injection Vulnerability in ASUSWRT Router Software by ASUS
CVE-2018-20334
9.8 CRITICAL
What is CVE-2018-20334?
A command injection vulnerability has been identified in ASUSWRT, specifically in the processing of POST data sent to the /start_apply.htm endpoint. The issue arises when the fb_email parameter contains shell metacharacters, which allows attackers to execute arbitrary commands on the router. Successful exploitation grants an unauthorized user control over the affected device, posing significant security risks to the network.
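The class of fix for a parameter like fb_email is to decode the form value first and then accept it only if every byte is on an allowlist, so that an encoded metacharacter such as `%3B` cannot slip past a check made on the raw string. The following is an added example, not ASUS firmware code; the function name `fb_email_accept`, the limit `FB_EMAIL_MAX` and the allowed character set are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FB_EMAIL_MAX 254 /* assumed upper bound on address length */

static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Allowlist: letters, digits and punctuation with no meaning to a shell. */
static int char_ok(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || (c != '\0' && strchr("._+-@", c) != NULL);
}

/* Decode a raw application/x-www-form-urlencoded value into out and accept
 * it only if every decoded byte is on the allowlist. Returns 1 with the
 * decoded address in out, or 0 with out emptied on any violation. */
int fb_email_accept(const char *raw, char *out, size_t out_size)
{
    size_t n = 0, at_count = 0, at_pos = 0;
    if (raw == NULL || out == NULL || out_size == 0) return 0;
    out[0] = '\0';
    for (; *raw != '\0'; raw++) {
        char c = (*raw == '+') ? ' ' : *raw; /* a raw '+' is an encoded space */
        if (c == '%') {
            int hi = hex_val(raw[1]);
            int lo = hi < 0 ? -1 : hex_val(raw[2]);
            if (lo < 0) goto reject;          /* malformed or truncated escape */
            c = (char)(hi * 16 + lo);
            raw += 2;
        }
        if (!char_ok(c) || n + 1 >= out_size || n >= FB_EMAIL_MAX) goto reject;
        if (c == '@') { at_count++; at_pos = n; }
        out[n++] = c;
    }
    /* Exactly one '@' with text on both sides; no leading '-' so the value
     * cannot be mistaken for a command-line option. */
    if (at_count != 1 || at_pos == 0 || at_pos == n - 1 || out[0] == '-') goto reject;
    out[n] = '\0';
    return 1;
reject:
    out[0] = '\0';
    return 0;
}
```

Validation of this kind is a second layer: the accepted value should still be handed to any helper program as a separate argument (for example through `execve`) instead of being interpolated into a shell command string.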