Critical severity9.8NVD Advisory· Published Jan 22, 2018· Updated Jun 17, 2026
CVE-2018-5999
CVE-2018-5999
Description
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <3.0.0.4.384_10007
Patches
Vulnerability mechanics
References
5- blogs.securiteam.com/index.php/archives/3589nvdExploitTechnical DescriptionThird Party Advisory
- github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txtnvdExploitThird Party Advisory
- raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rbnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/43881/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/44176/nvd
News mentions
2- RondoDox Botnet Exploits 2018 Flaw in Asus RoutersGovInfoSecurity · May 26, 2026
- ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain ChaosThe Hacker News · May 25, 2026