CVE-2017-11420

Name of the Vulnerable Software and Affected Versions Asuswrt-Merlin firmware versions for ASUS devices (affected versions not specified)

Description The issue is caused by a stack-based buffer overflow in the ASUS Discovery.c component of the Asuswrt-Merlin firmware, specifically when handling device information with the strcat function. This can allow a remote attacker to execute arbitrary code by providing long device information that is mishandled during the strcat operation to a device list.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.