RSS   Podatności dla 'Asuswrt-merlin'   RSS

2018-01-17
 
CVE-2018-5721

CWE-119
 

 
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.

 

 >>> Vendor: Asuswrt-merlin project 34 Produkty
Rt-n12hp b1 firmware
Rt-n56u firmware
Rt-n66u firmware
Rt-ac68u firmware
Rt n12+ pro firmware
Rt ac1900p firmware
Rt-ac5300 firmware
Rt ac1200g firmware
Rt-ac3100 firmware
Rt-n18u firmware
Rt-ac1200 firmware
Rt-n300 firmware
Rt-ac52u firmware
Rt-ac3200 firmware
Rt-ac68p firmware
Rt-n16 firmware
Rt-ac88u firmware
Rt-ac56u firmware
Rt-ac55u firmware
Rt-ac66u firmware
Rt-n12+ firmware
Rt ac1200gu firmware
Rt-n12d1 firmware
Rt-ac66u b1 firmware
Rt-ac58u firmware
Rt-n12hp firmware
Rt-ac53 firmware
Rt-ac51u firmware
Asuswrt-merlin
Rt-ac1900 firmware
Rt-ac2900 firmware
Rt-ac68uf firmware
Rt-ac86u firmware
Rt-ac87 firmware


Copyright 2021, cxsecurity.com

 

Back to Top