CVE-2018-15887
HIGH EXPLOITED IN THE WILDASUS DSL-N12E_C1 1.1.2.3_345 - Authenticated Remote Command Execution via destIP Parameter
Title source: llmExploitation Summary
CVE-2018-15887 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://fakhrizulkifli.github.io/CVE-2018-15887.html
Scores
CVSS v3
8.8
EPSS
0.0715
EPSS Percentile
91.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2019-06-13
InTheWild.io
2019-12-13
CWE
CWE-78
Status
published
Products (1)
asus/dsl-n12e_c1_firmware
1.1.2.3_345
Published
Aug 27, 2018
Tracked Since
Feb 18, 2026