CVE-2017-15655
CRITICAL
Asus asuswrt <= 3.0.0.4.376.X - Remote Code Execution via HTTPd Buffer Overflow
Title source: llm
Description
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt versions <= 3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
http://sploit.tech/2018/01/16/ASUS-part-I.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jan/63
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html
Scores
CVSS v3
9.6
EPSS
0.0144
EPSS Percentile
80.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
asus/asuswrt
< 3.0.0.4.378
Published
Jan 31, 2018
Tracked Since
Feb 18, 2026