CVE-2017-6548 Information

Feb 14, 2021 cve

Description

Buffer overflows in networkmap on ASUS RT-N56U RT-N66U RT-AC66U RT-N66R RT-AC66R RT-AC68U RT-AC68R RT-N66W RT-AC66W RT-AC87R RT-AC87U RT-AC51U RT-AC68P RT-N11P RT-N12+ RT-N12E B1 RT-AC3200 RT-AC53U RT-AC1750 RT-AC1900P RT-N300 and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600 RT-N12+ B1 RT-N11P B1 RT-N12VP B1 RT-N12E C1 RT-N300 B1 and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/96938 https://asuswrt.lostrealm.ca/changelog https://bierbaumer.net/security/asuswrt/remote-code-execution https://www.exploit-db.com/exploits/41573/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: