Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-15655

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.

Published

2018-01-31T20:29:00.350

Last Modified

2024-11-21T03:14:58.203

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.6 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	asus	asuswrt	< 3.0.0.4.378	Yes

References

http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2018/Jan/63 Exploit, Mailing List, Third Party Advisory ([email protected])
http://sploit.tech/2018/01/16/ASUS-part-I.html Exploit, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2018/Jan/63 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sploit.tech/2018/01/16/ASUS-part-I.html Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)