PT-2018-13908 · Asus · Asus Gt-Ac5300

Nabla

Publicado

2018-09-17

Atualizado

2019-01-18

CVE-2018-17127

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ASUS GT-AC5300 devices version 3.0.0.4.384 32738

Description The issue allows remote attackers to cause a denial of service, resulting in a device crash due to a NULL pointer dereference. This can be achieved by sending a request that lacks a timestap parameter to the blocking request.cgi endpoint.

Recommendations For version 3.0.0.4.384 32738, as a temporary workaround, consider restricting access to the blocking request.cgi endpoint until a patch is available. Avoid sending requests without the timestap parameter to minimize the risk of exploitation.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

CVE-2018-17127

Produtos afetados

Asus Gt-Ac5300

PT-2018-13908 · Asus · Asus Gt-Ac5300

CVE-2018-17127

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3