DoS Vulnerability in ASUSWRT by ASUS
CVE-2018-20335

7.5HIGH

Key Information:

Vendor: Asus
Status: Asuswrt
Vendor: CVE Published:; 20 March 2020

What is CVE-2018-20335?

A vulnerability has been identified in ASUSWRT, specifically in version 3.0.0.4.384.20308, which allows an unauthenticated user to exploit the system. By sending a crafted request to the /APP_Installation.asp?= URI, an attacker can trigger a denial of service (DoS) condition on the httpd service. This can lead to service unavailability, affecting users' ability to access the router's web interface and hindering the overall functionality of the device.

References

https://starlabs.sg/advisories/18-20335/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2020
Vulnerability Reserved
Dec 21, 2018

Asus

What is CVE-2018-20335?

References

CVSS V3.1

Timeline