CVE-2013-6343

ASUS RT-N56U and RT-AC66U Firmware 3.0.0.4.374_979 - Remote Code Execution via apps_name or apps_flag Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6343. PoCs published by Jacob Holcomb.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in ASUS RT-N56U routers via the `apps_name` parameter in `APP_Installation.asp`. It uses a ROP chain and multi-stage shellcode to achieve remote code execution, specifically a reverse shell.

Description

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.

Exploits (1)

exploitdb WORKING POC

by Jacob Holcomb · pythonremotehardware

https://www.exploit-db.com/exploits/31033

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in ASUS RT-N56U routers via the `apps_name` parameter in `APP_Installation.asp`. It uses a ROP chain and multi-stage shellcode to achieve remote code execution, specifically a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: ASUS RT-N56U (Firmware 3.0.0.4.374_979)

Auth required

Prerequisites: Network access to the router's web interface · Valid HTTP Basic Authentication credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/102267

Various Sources x_refsource_confirm

https://support.t-mobile.com/docs/DOC-21994

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/31033

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/65046

Scores

EPSS 0.0971

EPSS Percentile 94.9%

Details

CWE

CWE-119

Status published

Products (3)

asus/rt-ac66u_firmware 3.0.0.4..374_979

asus/rt-n56u_firmware 3.0.0.4..374_979

asus/tm-ac1900_firmware 3.0.0.4..374_979

Published Jan 22, 2014

Tracked Since Feb 18, 2026