CVE-2018-5999

Name: CVE-2018-5999
Creator: NVD / NIST
Published: 2018-01-22T20:29:00.227+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 87.41%

Last modified Jun 17, 2026

CVE-2018-5999 is a vulnerability of currently unknown severity. An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.. EPSS estimates a 87.41% chance of exploitation in the next 30 days.

Description

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.

Metrics

EPSS Probability

87.41%

99.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Asus	Asuswrt	< 3.0.0.4.384_10007

References

https://blogs.securiteam.com/index.php/archives/3589Exploit, Technical Description, Third Party Advisory
https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txtExploit, Third Party Advisory
https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rbExploit, Third Party Advisory
https://www.exploit-db.com/exploits/43881/Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/44176/
https://blogs.securiteam.com/index.php/archives/3589Exploit, Technical Description, Third Party Advisory
https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txtExploit, Third Party Advisory
https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rbExploit, Third Party Advisory
https://www.exploit-db.com/exploits/43881/Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/44176/

Timeline

Published: Jan 22, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-5999?

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.

How severe is CVE-2018-5999?

Severity scoring for CVE-2018-5999 is pending analysis. The EPSS model estimates a 87.41% probability of exploitation in the next 30 days.

How do I fix CVE-2018-5999?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-5999?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST