Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-12754


Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.


Published

2017-08-09T15:29:00.183

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System asuswrt-merlin asuswrt-merlin ≤ 380.67 Yes
Hardware asuswrt-merlin rt-ac1200 - No
Hardware asuswrt-merlin rt-ac3100 - No
Hardware asuswrt-merlin rt-ac3200 - No
Hardware asuswrt-merlin rt-ac51u - No
Hardware asuswrt-merlin rt-ac52u - No
Hardware asuswrt-merlin rt-ac53 - No
Hardware asuswrt-merlin rt-ac5300 - No
Hardware asuswrt-merlin rt-ac55u - No
Hardware asuswrt-merlin rt-ac56u - No
Hardware asuswrt-merlin rt-ac58u - No
Hardware asuswrt-merlin rt-ac66u - No
Hardware asuswrt-merlin rt-ac66u_b1 - No
Hardware asuswrt-merlin rt-ac68p - No
Hardware asuswrt-merlin rt-ac68u - No
Hardware asuswrt-merlin rt-ac88u - No
Hardware asuswrt-merlin rt-n12\+ - No
Hardware asuswrt-merlin rt-n12d1 - No
Hardware asuswrt-merlin rt-n12hp - No
Hardware asuswrt-merlin rt-n12hp_b1 - No
Hardware asuswrt-merlin rt-n16 - No
Hardware asuswrt-merlin rt-n18u - No
Hardware asuswrt-merlin rt-n300 - No
Hardware asuswrt-merlin rt-n56u - No
Hardware asuswrt-merlin rt-n66u - No
Hardware asuswrt-merlin rt_ac1200g - No
Hardware asuswrt-merlin rt_ac1200gu - No
Hardware asuswrt-merlin rt_ac1900p - No
Hardware asuswrt-merlin rt_n12\+_pro - No

References