CVSS: 10.0EPSS: 3%CPEs: 56EXPL: 1CVE-2017-11420
https://notcve.org/view.php?id=CVE-2017-11420
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. Un desbordamiento de búfer en la región stack de la memoria en el archivo ASUS_Discovery.c en componente networkmap en firmware Asuswrt-Merlin para dispositivos ASUS y firmware ASUS para dispositivos ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, y RT-N300, permiten que los atacantes remotos ejecuten código arbitrario por medio de información de dispositivo larga que es manejada inapropiadamente durante un strcat en una lista de dispositivos. • http://www.openwall.com/lists/oss-security/2017/07/13/1 https://asuswrt.lostrealm.ca/changelog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 56EXPL: 0CVE-2017-11344
https://notcve.org/view.php?id=CVE-2017-11344
Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. Un Desbordamiento de búfer global en networkmap en el firmware Asuswrt-Merlin para dispositivos ASUS y en el firmware ASUS para dispositivos RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 de ASUS, permiten a los atacantes remotos escribir código shell en cualquier dirección de la pila; esto puede ser utilizado para ejecutar código arbitrario en el enrutador mediante el alojamiento de un documento XML creado de descripción de dispositivo en una URL especificada dentro de un encabezado Location en una respuesta SSDP. • http://www.openwall.com/lists/oss-security/2017/07/14/3 https://asuswrt.lostrealm.ca/changelog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 56EXPL: 0CVE-2017-11345
https://notcve.org/view.php?id=CVE-2017-11345
Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. Un desbordamiento del búfer de la pila en networkmap en el firmware Asuswrt-Merlin para dispositivos ASUS y firmware ASUS para dispositivos RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 de ASUS, permiten que los atacantes remotos ejecuten código arbitrario en el enrutador mediante el alojamiento de un documento XML creado de descripción de dispositivo (que incluye un elemento serviceType) en una URL especificada dentro de un encabezado Location en una respuesta SSDP. • http://www.openwall.com/lists/oss-security/2017/07/14/3 https://asuswrt.lostrealm.ca/changelog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 14%CPEs: 2EXPL: 2CVE-2017-6548 – ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-6548
Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages. Desbordamiento de búfer en networkmap en routers ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300 y RT-AC750 con firmware en versiones anteriores a 3.0.0.4.380.7378; routers RT-AC68W con firmware en versiones anteriores a 3.0.0.4.380.7266 y routers RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1 y RT-N12+ Pro con firmware en versiones anteriores a 3.0.0.4.380.9488 y Asuswrt-Merlin firmware en versiones anteriores a 380.65_2 permite a atacantes remotos ejecutar código arbitrario en el router a través de un host o puerto largo en mensajes de multidifusión manipulados. • https://www.exploit-db.com/exploits/41573 http://www.securityfocus.com/bid/96938 https://asuswrt.lostrealm.ca/changelog https://bierbaumer.net/security/asuswrt/#remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 50%CPEs: 2EXPL: 2CVE-2017-6549 – ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
https://notcve.org/view.php?id=CVE-2017-6549
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers. Vulnerabilidad de secuestro de sesión en httpd en routers ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300 y RT-AC750 con firmware en versiones anteriores a 3.0.0.4.380.7378; routers RT-AC68W con firmware en versiones anteriores a 3.0.0.4.380.7266 y routers RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1 y RT-N12+ Pro con firmware en versiones anteriores a 3.0.0.4.380.9488 y Asuswrt-Merlin firmware en versiones anteriores a 380.65_2 permite a atacantes remotos robar cualquier sesión de administrador activa enviando cgi_logout y asusrouter-Windows-IFTTT-1.0 en ciertos encabezados HTTP. • https://www.exploit-db.com/exploits/41572 http://www.securityfocus.com/bid/96938 https://asuswrt.lostrealm.ca/changelog https://bierbaumer.net/security/asuswrt/#session-stealing • CWE-287: Improper Authentication •