PT-2014-3097 · Asus · Asus Rt-N56U+1

Publicado

2014-01-22

Atualizado

2016-12-31

CVE-2013-6343

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374 979

Description The issue is related to multiple buffer overflows in the httpd web.c component. Remote attackers can execute arbitrary code by manipulating the apps name or apps flag parameters in the APP Installation.asp endpoint.

Recommendations For ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374 979, consider restricting access to the APP Installation.asp endpoint until a patch is available. As a temporary workaround, avoid using the apps name and apps flag parameters in the APP Installation.asp endpoint to minimize the risk of exploitation.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2013-6343

Produtos afetados

Asus Rt-Ac66U

Asus Rt-N56U

PT-2014-3097 · Asus · Asus Rt-N56U+1

CVE-2013-6343

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7