CVE-2020-29655

HIGH

RT-AC88U Download Master <3.1.0.108 - Command Injection

Title source: llm
STIX 2.1

Description

An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.165678

Scores

CVSS v3 7.5
EPSS 0.0024
EPSS Percentile 46.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-74
Status published
Products (1)
asus/rt-ac88u_firmware < 3.1.0.108
Published Dec 09, 2020
Tracked Since Feb 18, 2026