CVE-2017-11344 Information

Description

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.openwall.com/lists/oss-security/2017/07/14/3

https://asuswrt.lostrealm.ca/changelog

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
