CRITICAL🇬🇧 English

CVE-2017-15655

CVSS 9.6v3.0pub. 2018-01-31upd. 2024-11-21

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Asus Asuswrt

    OS
    Asus
    < 3.0.0.4.378
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2022-26376CRITICAL9.8ten sam produkt

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_4...

CVE-2018-20334CRITICAL9.8ten sam produkt

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is...

CVE-2018-6000CRITICAL9.8ten sam produkt

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/we...

CVE-2018-5999CRITICAL9.8ten sam produkt

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/ht...

CVE-2018-20335HIGH7.5ten sam produkt

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd s...