CVE-2017-11420
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.
Un desbordamiento de búfer en la región stack de la memoria en el archivo ASUS_Discovery.c en componente networkmap en firmware Asuswrt-Merlin para dispositivos ASUS y firmware ASUS para dispositivos ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, y RT-N300, permiten que los atacantes remotos ejecuten código arbitrario por medio de información de dispositivo larga que es manejada inapropiadamente durante un strcat en una lista de dispositivos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-07-18 CVE Reserved
- 2017-07-18 CVE Published
- 2024-02-19 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://asuswrt.lostrealm.ca/changelog | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/07/13/1 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac5300 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300 Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300 Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac5300 Search vendor "Asuswrt-merlin Project" for product "Rt-ac5300" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1900p Firmware Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1900p Search vendor "Asuswrt-merlin Project" for product "Rt Ac1900p " | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac68u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac68u Search vendor "Asuswrt-merlin Project" for product "Rt-ac68u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac68p Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac68p Search vendor "Asuswrt-merlin Project" for product "Rt-ac68p" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac88u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac88u Search vendor "Asuswrt-merlin Project" for product "Rt-ac88u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac66u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac66u Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac66u B1 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1 Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1 Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac66u B1 Search vendor "Asuswrt-merlin Project" for product "Rt-ac66u B1" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac58u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u Firmware" | <= 3.0.0.4.380.7485 Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u Firmware" and version " <= 3.0.0.4.380.7485" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac58u Search vendor "Asuswrt-merlin Project" for product "Rt-ac58u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac56u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac56u Search vendor "Asuswrt-merlin Project" for product "Rt-ac56u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac55u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac55u Search vendor "Asuswrt-merlin Project" for product "Rt-ac55u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac52u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u Firmware" | <= 3.0.0.4.380.4180 Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u Firmware" and version " <= 3.0.0.4.380.4180" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac52u Search vendor "Asuswrt-merlin Project" for product "Rt-ac52u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac51u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac51u Search vendor "Asuswrt-merlin Project" for product "Rt-ac51u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n18u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n18u Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-n18u Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n18u Search vendor "Asuswrt-merlin Project" for product "Rt-n18u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n66u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n66u Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n66u Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n66u Search vendor "Asuswrt-merlin Project" for product "Rt-n66u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n56u Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n56u Firmware" | <= 3.0.0.4.378.7177 Search vendor "Asuswrt-merlin Project" for product "Rt-n56u Firmware" and version " <= 3.0.0.4.378.7177" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n56u Search vendor "Asuswrt-merlin Project" for product "Rt-n56u" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac3200 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200 Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200 Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac3200 Search vendor "Asuswrt-merlin Project" for product "Rt-ac3200" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac3100 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100 Firmware" | <= 3.0.0.4.380.7743 Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100 Firmware" and version " <= 3.0.0.4.380.7743" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac3100 Search vendor "Asuswrt-merlin Project" for product "Rt-ac3100" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1200gu Firmware Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu Firmware" | <= 3.0.0.4.380.5577 Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu Firmware" and version " <= 3.0.0.4.380.5577" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1200gu Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200gu" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1200g Firmware Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g Firmware" | <= 3.0.0.4.380.3167 Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g Firmware" and version " <= 3.0.0.4.380.3167" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt Ac1200g Search vendor "Asuswrt-merlin Project" for product "Rt Ac1200g" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac1200 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200 Firmware" | <= 3.0.0.4.380.9880 Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200 Firmware" and version " <= 3.0.0.4.380.9880" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac1200 Search vendor "Asuswrt-merlin Project" for product "Rt-ac1200" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac53 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-ac53 Firmware" | <= 3.0.0.4.380.9883 Search vendor "Asuswrt-merlin Project" for product "Rt-ac53 Firmware" and version " <= 3.0.0.4.380.9883" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-ac53 Search vendor "Asuswrt-merlin Project" for product "Rt-ac53" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12hp Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp Firmware" | <= 3.0.0.4.380.2943 Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp Firmware" and version " <= 3.0.0.4.380.2943" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12hp Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12hp B1 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1 Firmware" | <= 3.0.0.4.380.3479 Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1 Firmware" and version " <= 3.0.0.4.380.3479" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12hp B1 Search vendor "Asuswrt-merlin Project" for product "Rt-n12hp B1" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12d1 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1 Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1 Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12d1 Search vendor "Asuswrt-merlin Project" for product "Rt-n12d1" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12\+ Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+ Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+ Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n12\+ Search vendor "Asuswrt-merlin Project" for product "Rt-n12\+" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt N12\+ Pro Firmware Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro Firmware" | <= 3.0.0.4.380.9880 Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro Firmware" and version " <= 3.0.0.4.380.9880" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt N12\+ Pro Search vendor "Asuswrt-merlin Project" for product "Rt N12\+ Pro" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n16 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n16 Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n16 Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n16 Search vendor "Asuswrt-merlin Project" for product "Rt-n16" | - | - |
Safe
|
| Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n300 Firmware Search vendor "Asuswrt-merlin Project" for product "Rt-n300 Firmware" | <= 3.0.0.4.380.7378 Search vendor "Asuswrt-merlin Project" for product "Rt-n300 Firmware" and version " <= 3.0.0.4.380.7378" | - |
Affected
| in | Asuswrt-merlin Project Search vendor "Asuswrt-merlin Project" | Rt-n300 Search vendor "Asuswrt-merlin Project" for product "Rt-n300" | - | - |
Safe
|