CVE-2017-12754

Name of the Vulnerable Software and Affected Versions Asuswrt-Merlin firmware versions prior to 380.67 0

Description A stack buffer overflow issue exists in the httpd component of Asuswrt-Merlin firmware, allowing remote attackers to execute arbitrary code on the router. This can be achieved by sending a crafted HTTP GET request packet that includes a long delete offline client parameter in the URL.

Recommendations For Asuswrt-Merlin firmware versions prior to 380.67 0, update to a version later than 380.67 0 to resolve the issue. As a temporary workaround, consider restricting access to the httpd component until a patch is available. Avoid using the delete offline client parameter in the affected HTTP endpoint until the issue is resolved.