PT-2018-13908 · Asus · Asus Gt-Ac5300

Nabla

Published

2018-09-17

Updated

2019-01-18

CVE-2018-17127

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ASUS GT-AC5300 devices version 3.0.0.4.384 32738

Description The issue allows remote attackers to cause a denial of service, resulting in a device crash due to a NULL pointer dereference. This can be achieved by sending a request that lacks a timestap parameter to the blocking request.cgi endpoint.

Recommendations For version 3.0.0.4.384 32738, as a temporary workaround, consider restricting access to the blocking request.cgi endpoint until a patch is available. Avoid sending requests without the timestap parameter to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2018-17127

Affected Products

Asus Gt-Ac5300

PT-2018-13908 · Asus · Asus Gt-Ac5300

CVE-2018-17127

Weakness Enumeration

Related Identifiers

Affected Products

References · 3