CRITICAL🇬🇧 English

CVE-2018-8879

CVSS 9.8v3.1pub. 2019-11-21upd. 2024-11-21

Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Asus Rt Ac66u

    HW
    Asus
    wszystkie wersje
  • Asus Rt Ac66u Firmware

    OS
    Asus
    < 3.0.0.4.382.50470
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2018-20334CRITICAL9.8ten sam produkt

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is...

CVE-2013-4656CRITICAL9.8ten sam produkt

Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.

CVE-2018-8826CRITICAL9.8ten sam produkt

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.38...

CVE-2018-9285CRITICAL9.8ten sam produkt

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, ...

CVE-2013-4659CRITICAL9.8ten sam produkt

Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP po...