CVE-2013-5948

EXPLOITED

T-mobile Tm-ac1900 - OS Command Injection

Title source: rule

Description

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).

Exploits (1)

exploitdb WORKING POC

by drone · textwebappshardware

https://www.exploit-db.com/exploits/25998

View Code ZIP pw:eip

References (4)

[Mailing List] http://seclists.org/fulldisclosure/2014/Apr/59

[Exploit] http://seclists.org/fulldisclosure/2014/Apr/66

[Various Sources] http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29

[Various Sources] https://support.t-mobile.com/docs/DOC-21994

Scores

EPSS 0.4373

EPSS Percentile 97.5%

Details

VulnCheck KEV 2020-11-06

CWE

CWE-78

Status published

Products (5)

asus/rt-ac68u

asus/rt-ac68u_firmware 3.0.0.4.374.4755

asus/rt-ac68u_firmware 3.0.0.4.374_4561

asus/rt-ac68u_firmware 3.0.0.4.374_4887

t-mobile/tm-ac1900 3.0.0.4.376_3169

Published Apr 22, 2014

Tracked Since Feb 18, 2026