Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000500

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".

Published

2018-06-26T16:29:00.353

Last Modified

2025-06-09T16:15:27.847

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-295
Type: Secondary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	busybox	busybox	< 1.32.0	Yes

References

http://lists.busybox.net/pipermail/busybox/2018-May/086462.html Mailing List, Vendor Advisory ([email protected])
https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91 Patch, Vendor Advisory ([email protected])
https://usn.ubuntu.com/4531-1/ ([email protected])
http://lists.busybox.net/pipermail/busybox/2018-May/086462.html Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4531-1/ (af854a3a-2127-422b-91ae-364da2661108)