CVE-2017-11344
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.
Un Desbordamiento de búfer global en networkmap en el firmware Asuswrt-Merlin para dispositivos ASUS y en el firmware ASUS para dispositivos RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 de ASUS, permiten a los atacantes remotos escribir código shell en cualquier dirección de la pila; esto puede ser utilizado para ejecutar código arbitrario en el enrutador mediante el alojamiento de un documento XML creado de descripción de dispositivo en una URL especificada dentro de un encabezado Location en una respuesta SSDP.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-07-16 CVE Reserved
- 2017-07-16 CVE Published
- 2024-02-17 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/07/14/3 | Mailing List |
|
| https://asuswrt.lostrealm.ca/changelog | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac5300 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300 Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300 Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac5300 Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1900p Firmware Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1900p Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p " | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac68u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac68u Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac68p Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac68p Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac88u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac88u Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac66u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac66u Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac66u B1 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1 Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1 Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac66u B1 Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac58u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u Firmware" | <= 3.0.0.4.380.7485 Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u Firmware" and version " <= 3.0.0.4.380.7485" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac58u Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac56u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac56u Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac55u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac55u Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac52u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u Firmware" | <= 3.0.0.4.380.4180 Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u Firmware" and version " <= 3.0.0.4.380.4180" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac52u Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac51u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac51u Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n18u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n18u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-n18u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n18u Search vendor "Asuswrt-merlin Project" for product "Rt-n18u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n66u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n66u Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n66u Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n66u Search vendor "Asuswrt-merlin Project" for product "Rt-n66u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n56u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n56u Firmware" | <= 3.0.0.4.378.7177 Search vendor "Asuswrt-merlin Project" for product "Rt-n56u Firmware" and version " <= 3.0.0.4.378.7177" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n56u Search vendor "Asuswrt-merlin Project" for product "Rt-n56u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac3200 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200 Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200 Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac3200 Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac3100 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100 Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100 Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac3100 Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1200gu Firmware Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu Firmware" | <= 3.0.0.4.380.5577 Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu Firmware" and version " <= 3.0.0.4.380.5577" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1200gu Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1200g Firmware Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g Firmware" | <= 3.0.0.4.380.3167 Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g Firmware" and version " <= 3.0.0.4.380.3167" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1200g Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac1200 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200 Firmware" | <= 3.0.0.4.380.9880 Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200 Firmware" and version " <= 3.0.0.4.380.9880" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac1200 Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac53 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac53 Firmware" | <= 3.0.0.4.380.9883 Search vendor "Asuswrt-merlin Project" for product "Rt-ac53 Firmware" and version " <= 3.0.0.4.380.9883" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac53 Search vendor "Asuswrt-merlin Project" for product "Rt-ac53" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12hp Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp Firmware" | <= 3.0.0.4.380.2943 Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp Firmware" and version " <= 3.0.0.4.380.2943" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12hp Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12hp B1 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1 Firmware" | <= 3.0.0.4.380.3479 Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1 Firmware" and version " <= 3.0.0.4.380.3479" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12hp B1 Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12d1 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1 Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1 Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12d1 Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12\+ Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+ Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+ Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12\+ Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt N12\+ Pro Firmware Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro Firmware" | <= 3.0.0.4.380.9880 Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro Firmware" and version " <= 3.0.0.4.380.9880" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt N12\+ Pro Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n16 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n16 Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n16 Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n16 Search vendor "Asuswrt-merlin Project" for product "Rt-n16" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n300 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n300 Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n300 Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n300 Search vendor "Asuswrt-merlin Project" for product "Rt-n300" | - | - |
Safe
|