Vulnerability Description
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ASUS | TM-AC1900 Firmware | 3.0.0.4.374_979 |
| ASUS | TM-AC1900 | - |
| ASUS | RT-N56U Firmware | 3.0.0.4.374_979 |
| ASUS | RT-N56U | - |
| ASUS | RT-AC66U Firmware | 3.0.0.4.374_979 |
| ASUS | RT-AC66U | - |
Related Weaknesses (CWE)
References
- http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.htm (Exploit)
- http://osvdb.org/102267
- http://www.exploit-db.com/exploits/31033 (Exploit)
- http://www.securityfocus.com/bid/65046
- https://support.t-mobile.com/docs/DOC-21994
FAQ
What is CVE-2013-6343?
CVE-2013-6343 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_fl...
How severe is CVE-2013-6343?
CVE-2013-6343 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-6343?
Check the references section above for vendor advisories and patch information. Affected products include: ASUS TM-AC1900 Firmware, ASUS TM-AC1900, ASUS RT-N56U Firmware, ASUS RT-N56U, ASUS RT-AC66U Firmware.