CVE-2013-5948

EXPLOITED

ASUS RT-AC68U and T-Mobile TM-AC1900 - Authenticated OS Command Injection via Network Analysis Target Field

Exploitation Summary

CVE-2013-5948 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including drone.

AI-analyzed exploit summary: This exploit demonstrates a command injection vulnerability in Asus RT56U routers. The vulnerability allows an attacker to inject shell commands via the 'SystemCmd' and 'destIP' parameters in a GET request to 'apply.cgi'.

Description

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).

Exploits (1)

exploitdb WORKING POC
by drone · text · webapps · hardware
https://www.exploit-db.com/exploits/25998

Classification
Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Asus RT56U <= 3.0.0.4.360
Auth required
Prerequisites: Network access to the router · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/59
Various Sources x_refsource_confirm
https://support.t-mobile.com/docs/DOC-21994
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Apr/66

Scores

EPSS 0.4378
EPSS Percentile 97.6%

Details

VulnCheck KEV 2020-11-06
CWE CWE-78
Status published
Products (5)
asus/rt-ac68u
asus/rt-ac68u_firmware 3.0.0.4.374.4755
asus/rt-ac68u_firmware 3.0.0.4.374_4561
asus/rt-ac68u_firmware 3.0.0.4.374_4887
t-mobile/tm-ac1900 3.0.0.4.376_3169
Published Apr 22, 2014
Tracked Since Feb 18, 2026