CVE-2017-11420 Information
Feb 14, 2021
cve
Description
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300 RT_AC1900P RT-AC68U RT-AC68P RT-AC88U RT-AC66U RT-AC66U_B1 RT-AC58U RT-AC56U RT-AC55U RT-AC52U RT-AC51U RT-N18U RT-N66U RT-N56U RT-AC3200 RT-AC3100 RT_AC1200GU RT_AC1200G RT-AC1200 RT-AC53 RT-N12HP RT-N12HP_B1 RT-N12D1 RT-N12+ RT_N12+_PRO RT-N16 and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.openwall.com/lists/oss-security/2017/07/13/1 https://asuswrt.lostrealm.ca/changelog
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: