9.3
CVE-2017-11344
- EPSS 1.19%
- Veröffentlicht 17.07.2017 13:18:20
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginGlobal buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asuswrt-merlin Project ≫ Rt-ac5300 Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt Ac1900p Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-ac68u Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-ac68p Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-ac88u Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-ac66u Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-ac66u B1 Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-ac58u Firmware Version <= 3.0.0.4.380.7485
Asuswrt-merlin Project ≫ Rt-ac56u Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-ac55u Firmware Version <= 3.0.0.4.380.7378
Asuswrt-merlin Project ≫ Rt-ac52u Firmware Version <= 3.0.0.4.380.4180
Asuswrt-merlin Project ≫ Rt-ac51u Firmware Version <= 3.0.0.4.380.7378
Asuswrt-merlin Project ≫ Rt-n18u Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-n66u Firmware Version <= 3.0.0.4.380.7378
Asuswrt-merlin Project ≫ Rt-n56u Firmware Version <= 3.0.0.4.378.7177
Asuswrt-merlin Project ≫ Rt-ac3200 Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt-ac3100 Firmware Version <= 3.0.0.4.380.7743
Asuswrt-merlin Project ≫ Rt Ac1200gu Firmware Version <= 3.0.0.4.380.5577
Asuswrt-merlin Project ≫ Rt Ac1200g Firmware Version <= 3.0.0.4.380.3167
Asuswrt-merlin Project ≫ Rt-ac1200 Firmware Version <= 3.0.0.4.380.9880
Asuswrt-merlin Project ≫ Rt-ac53 Firmware Version <= 3.0.0.4.380.9883
Asuswrt-merlin Project ≫ Rt-n12hp Firmware Version <= 3.0.0.4.380.2943
Asuswrt-merlin Project ≫ Rt-n12hp B1 Firmware Version <= 3.0.0.4.380.3479
Asuswrt-merlin Project ≫ Rt-n12d1 Firmware Version <= 3.0.0.4.380.7378
Asuswrt-merlin Project ≫ Rt-n16 Firmware Version <= 3.0.0.4.380.7378
Asuswrt-merlin Project ≫ Rt-n300 Firmware Version <= 3.0.0.4.380.7378
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.19% | 0.779 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.