CVE-2018-5721
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.
Desbordamiento de búfer basado en pila en la función ej_update_variables en outer/httpd/web.c en routers ASUS (cuando emplean software de https://github.com/RMerl/asuswrt-merlin) permite que atacantes autenticados en la web ejecuten código mediante una petición que actualiza una configuración. En ej_update_variables, la longitud de la variable action_script no se comprueba, siempre y cuando incluya una subcadena "_wan_if".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-16 CVE Reserved
- 2018-01-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.w0lfzhang.com/2018/01/17/ASUS-router-stack-overflow-in-http-server | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asuswrt-merlin Search vendor "Asuswrt-merlin" | Asuswrt-merlin Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" | <= 382.1_2 Search vendor "Asuswrt-merlin" for product "Asuswrt-merlin" and version " <= 382.1_2" | - |
Affected
| ||||||