CVE-2018-8879
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.
Un desbordamiento de búfer en la región stack de la memoria en el firmware Asuswrt-Merlin para dispositivos ASUS versiones anteriores a 384.4 y el firmware ASUS versiones anteriores a 3.0.0.4.382.50470 para dispositivos, permite a atacantes remotos ejecutar código arbitrario al proporcionar una cadena larga en la página block.asp por medio de una petición GET o POST. Los parámetros vulnerables son flag, mac y cat_id.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-03-20 CVE Reserved
- 2019-11-21 CVE Published
- 2023-10-28 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.asus.com/Networking/RTAC66U/HelpDesk_BIOS | Product |
URL | Date | SRC |
---|---|---|
https://pagedout.institute/download/PagedOut_001_beta1.pdf | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Asus Search vendor "Asus" | Rt-ac66u Firmware Search vendor "Asus" for product "Rt-ac66u Firmware" | < 3.0.0.4.382.50470 Search vendor "Asus" for product "Rt-ac66u Firmware" and version " < 3.0.0.4.382.50470" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac66u Search vendor "Asus" for product "Rt-ac66u" | - | - |
Safe
|