1. Home
  2. CVE Database
  3. CVE-2017-11344
HIGH · 7.8

CVE-2017-11344

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC5...

Vulnerability Description

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Asuswrt-Merlin ProjectRt-Ac5300 Firmware<= 3.0.0.4.380.7743
Asuswrt-Merlin ProjectRt-Ac5300-
Asuswrt-Merlin ProjectRt Ac1900P Firmware<= 3.0.0.4.380.7743
Asuswrt-Merlin ProjectRt Ac1900P -
Asuswrt-Merlin ProjectRt-Ac68U Firmware<= 3.0.0.4.380.7743
Asuswrt-Merlin ProjectRt-Ac68U-
Asuswrt-Merlin ProjectRt-Ac68P Firmware<= 3.0.0.4.380.7743
Asuswrt-Merlin ProjectRt-Ac68P-
Asuswrt-Merlin ProjectRt-Ac88U Firmware<= 3.0.0.4.380.7743
Asuswrt-Merlin ProjectRt-Ac88U-
Asuswrt-Merlin ProjectRt-Ac66U Firmware<= 3.0.0.4.380.7743
Asuswrt-Merlin ProjectRt-Ac66U-
Asuswrt-Merlin ProjectRt-Ac66U B1 Firmware<= 3.0.0.4.380.7743
Asuswrt-Merlin ProjectRt-Ac66U B1-
Asuswrt-Merlin ProjectRt-Ac58U Firmware<= 3.0.0.4.380.7485
Asuswrt-Merlin ProjectRt-Ac58U-
Asuswrt-Merlin ProjectRt-Ac56U Firmware<= 3.0.0.4.380.7743
Asuswrt-Merlin ProjectRt-Ac56U-
Asuswrt-Merlin ProjectRt-Ac55U Firmware<= 3.0.0.4.380.7378
Asuswrt-Merlin ProjectRt-Ac55U-

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2017-11344?

CVE-2017-11344 is a vulnerability with a CVSS score of 7.8 (HIGH). Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC5...

How severe is CVE-2017-11344?

CVE-2017-11344 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11344?

Check the references section above for vendor advisories and patch information. Affected products include: Asuswrt-Merlin Project Rt-Ac5300 Firmware, Asuswrt-Merlin Project Rt-Ac5300, Asuswrt-Merlin Project Rt Ac1900P Firmware, Asuswrt-Merlin Project Rt Ac1900P , Asuswrt-Merlin Project Rt-Ac68U Firmware.