Vulnerability Details : CVE-2017-6548
Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.
Vulnerability category: OverflowExecute code
Products affected by CVE-2017-6548
- cpe:2.3:o:asus:rt-ac53_firmware:3.0.0.4.380.6038:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6548
15.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6548
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-6548
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6548
-
https://asuswrt.lostrealm.ca/changelog
Changelog 380.xx | Asuswrt-Merlin
-
https://bierbaumer.net/security/asuswrt/#remote-code-execution
0xbb - ASUSWRTExploit;Third Party Advisory
-
https://www.exploit-db.com/exploits/41573/
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
-
http://www.securityfocus.com/bid/96938
Asus ASUSWRT Multiple Security Vulnerabilities
Jump to