PT-2018-5962 · Asus · Asuswrt
Blazej Adamczyk
·
Published
2018-01-31
·
Updated
2018-02-21
·
CVE-2017-15655
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Asus asuswrt versions prior to 3.0.0.4.378
Description:
The issue is related to multiple buffer overflow vulnerabilities in the HTTPd server. These vulnerabilities can be exploited to achieve remote code execution (RCE) with administrator rights when the administrator visits specific pages. Some end-of-life routers are affected as they have a vulnerable version as their latest update.
Recommendations:
For versions prior to 3.0.0.4.378, update to version 3.0.0.4.378 or later to resolve the issue.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asuswrt