// For flags

CVE-2017-11420

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.

Un desbordamiento de búfer en la región stack de la memoria en el archivo ASUS_Discovery.c en componente networkmap en firmware Asuswrt-Merlin para dispositivos ASUS y firmware ASUS para dispositivos ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, y RT-N300, permiten que los atacantes remotos ejecuten código arbitrario por medio de información de dispositivo larga que es manejada inapropiadamente durante un strcat en una lista de dispositivos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-07-18 CVE Reserved
  • 2017-07-18 CVE Published
  • 2024-02-19 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac5300 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300 Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300 Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac5300
Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt Ac1900p Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt Ac1900p
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p "
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68p Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac68p
Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac88u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac88u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac66u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac66u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac66u B1 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1 Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1 Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac66u B1
Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac58u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u Firmware"
<= 3.0.0.4.380.7485
Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u Firmware" and version " <= 3.0.0.4.380.7485"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac58u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac56u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac56u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac55u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u Firmware"
<= 3.0.0.4.380.7378
Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u Firmware" and version " <= 3.0.0.4.380.7378"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac55u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac52u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u Firmware"
<= 3.0.0.4.380.4180
Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u Firmware" and version " <= 3.0.0.4.380.4180"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac52u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac51u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u Firmware"
<= 3.0.0.4.380.7378
Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u Firmware" and version " <= 3.0.0.4.380.7378"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac51u
Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n18u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n18u Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-n18u Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n18u
Search vendor "Asuswrt-merlin Project" for product "Rt-n18u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n66u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n66u Firmware"
<= 3.0.0.4.380.7378
Search vendor "Asuswrt-merlin Project" for product "Rt-n66u Firmware" and version " <= 3.0.0.4.380.7378"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n66u
Search vendor "Asuswrt-merlin Project" for product "Rt-n66u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n56u Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n56u Firmware"
<= 3.0.0.4.378.7177
Search vendor "Asuswrt-merlin Project" for product "Rt-n56u Firmware" and version " <= 3.0.0.4.378.7177"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n56u
Search vendor "Asuswrt-merlin Project" for product "Rt-n56u"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac3200 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200 Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200 Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac3200
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac3100 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100 Firmware"
<= 3.0.0.4.380.7743
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100 Firmware" and version " <= 3.0.0.4.380.7743"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac3100
Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt Ac1200gu Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu Firmware"
<= 3.0.0.4.380.5577
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu Firmware" and version " <= 3.0.0.4.380.5577"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt Ac1200gu
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt Ac1200g Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g Firmware"
<= 3.0.0.4.380.3167
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g Firmware" and version " <= 3.0.0.4.380.3167"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt Ac1200g
Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac1200 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200 Firmware"
<= 3.0.0.4.380.9880
Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200 Firmware" and version " <= 3.0.0.4.380.9880"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac1200
Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac53 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-ac53 Firmware"
<= 3.0.0.4.380.9883
Search vendor "Asuswrt-merlin Project" for product "Rt-ac53 Firmware" and version " <= 3.0.0.4.380.9883"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-ac53
Search vendor "Asuswrt-merlin Project" for product "Rt-ac53"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n12hp Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp Firmware"
<= 3.0.0.4.380.2943
Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp Firmware" and version " <= 3.0.0.4.380.2943"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n12hp
Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n12hp B1 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1 Firmware"
<= 3.0.0.4.380.3479
Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1 Firmware" and version " <= 3.0.0.4.380.3479"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n12hp B1
Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n12d1 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1 Firmware"
<= 3.0.0.4.380.7378
Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1 Firmware" and version " <= 3.0.0.4.380.7378"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n12d1
Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n12\+ Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+ Firmware"
<= 3.0.0.4.380.7378
Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+ Firmware" and version " <= 3.0.0.4.380.7378"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n12\+
Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt N12\+ Pro Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro Firmware"
<= 3.0.0.4.380.9880
Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro Firmware" and version " <= 3.0.0.4.380.9880"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt N12\+ Pro
Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n16 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n16 Firmware"
<= 3.0.0.4.380.7378
Search vendor "Asuswrt-merlin Project" for product "Rt-n16 Firmware" and version " <= 3.0.0.4.380.7378"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n16
Search vendor "Asuswrt-merlin Project" for product "Rt-n16"
--
Safe
Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n300 Firmware
Search vendor "Asuswrt-merlin Project" for product "Rt-n300 Firmware"
<= 3.0.0.4.380.7378
Search vendor "Asuswrt-merlin Project" for product "Rt-n300 Firmware" and version " <= 3.0.0.4.380.7378"
-
Affected
in Asuswrt-merlin Project
Search vendor "Asuswrt-merlin Project"
Rt-n300
Search vendor "Asuswrt-merlin Project" for product "Rt-n300"
--
Safe