CVE-2017-12754
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.
Un desbordamiento de búfer basado en pila en httpd en Asuswrt-Merlin firmware en versiones 380.67_0RT-AC5300 y anteriores para dispositivos ASUS y firmware ASUS para dispositivos ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, y RT-N300 permite que atacantes remotos ejecuten código arbitrario en el router mediante el envío de un paquete de petición http GET manipulado que incluya un parámetro delete_offline_client largo en la URL.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-08-09 CVE Reserved
- 2017-08-09 CVE Published
- 2024-03-12 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/Asus_DeleteOfflineClientOverflow.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://asuswrt.lostrealm.ca/changelog | 2020-05-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac1200 Search vendor "Asuswrt-merlin" for product "Rt-ac1200" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac3100 Search vendor "Asuswrt-merlin" for product "Rt-ac3100" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac3200 Search vendor "Asuswrt-merlin" for product "Rt-ac3200" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac51u Search vendor "Asuswrt-merlin" for product "Rt-ac51u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac52u Search vendor "Asuswrt-merlin" for product "Rt-ac52u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac53 Search vendor "Asuswrt-merlin" for product "Rt-ac53" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac5300 Search vendor "Asuswrt-merlin" for product "Rt-ac5300" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac55u Search vendor "Asuswrt-merlin" for product "Rt-ac55u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac56u Search vendor "Asuswrt-merlin" for product "Rt-ac56u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac58u Search vendor "Asuswrt-merlin" for product "Rt-ac58u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac66u Search vendor "Asuswrt-merlin" for product "Rt-ac66u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac66u B1 Search vendor "Asuswrt-merlin" for product "Rt-ac66u B1" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac68p Search vendor "Asuswrt-merlin" for product "Rt-ac68p" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac68u Search vendor "Asuswrt-merlin" for product "Rt-ac68u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-ac88u Search vendor "Asuswrt-merlin" for product "Rt-ac88u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n12\+ Search vendor "Asuswrt-merlin" for product "Rt-n12\+" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n12d1 Search vendor "Asuswrt-merlin" for product "Rt-n12d1" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n12hp Search vendor "Asuswrt-merlin" for product "Rt-n12hp" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n12hp B1 Search vendor "Asuswrt-merlin" for product "Rt-n12hp B1" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n16 Search vendor "Asuswrt-merlin" for product "Rt-n16" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n18u Search vendor "Asuswrt-merlin" for product "Rt-n18u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n300 Search vendor "Asuswrt-merlin" for product "Rt-n300" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n56u Search vendor "Asuswrt-merlin" for product "Rt-n56u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt-n66u Search vendor "Asuswrt-merlin" for product "Rt-n66u" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt Ac1200g Search vendor "Asuswrt-merlin" for product "Rt Ac1200g" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt Ac1200gu Search vendor "Asuswrt-merlin" for product "Rt Ac1200gu" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt Ac1900p Search vendor "Asuswrt-merlin" for product "Rt Ac1900p" | - | - |
Safe
|
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 380.67 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 380.67" | - |
Affected
| in | Asuswrt-merlin Search vendor "Asuswrt-merlin" | Rt N12\+ Pro Search vendor "Asuswrt-merlin" for product "Rt N12\+ Pro" | - | - |
Safe
|