PT-2017-3174 · Asus · Asus Rt-N12+ Pro+20

Bruno Bierbaumer · Published 2017-03-08 · Updated 2017-08-16 · CVE-2017-6548

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378
RT-AC68W routers with firmware before 3.0.0.4.380.7266
RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488
Asuswrt-Merlin firmware before 380.65 2

Description

The issue is caused by buffer overflows in the networkmap component of ASUS router firmware, allowing remote attackers to execute arbitrary code on the router via crafted multicast messages with long host or port values. This can be achieved by forming large strings as values for the host name and port in response to multicast messages.

Recommendations

For ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378, update the firmware to version 3.0.0.4.380.7378 or later.
For RT-AC68W routers with firmware before 3.0.0.4.380.7266, update the firmware to version 3.0.0.4.380.7266 or later.
For RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488, update the firmware to version 3.0.0.4.380.9488 or later.
For Asuswrt-Merlin firmware before 380.65 2, update the firmware to version 380.65 2 or later.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2017-02588
CVE-2017-6548

Affected Products

Asus Rt-Ac1750
Asus Rt-Ac1900P
Asus Rt-Ac3200
Asus Rt-Ac51U
Asus Rt-Ac53U
Asus Rt-Ac66U
Asus Rt-Ac68U
Asus Rt-Ac750
Asus Rt-Ac87U
Asus Rt-N11P
Asus Rt-N11P B1
Asus Rt-N12+
Asus Rt-N12+ B1
Asus Rt-N12+ Pro
Asus Rt-N12E B1
Asus Rt-N300
Asus Rt-N300 B1
Asus Rt-N56U
Asus Rt-N600
Asus Rt-N66U
Asuswrt-Merlin