CVE-2017-11420 — CRITICAL (9.8)

Q: How severe is CVE-2017-11420?

CVE-2017-11420 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-11420?

Check the references section above for vendor advisories and patch information. Affected products include: Asuswrt-Merlin Project Rt-Ac5300 Firmware, Asuswrt-Merlin Project Rt-Ac5300, Asuswrt-Merlin Project Rt Ac1900P Firmware, Asuswrt-Merlin Project Rt Ac1900P , Asuswrt-Merlin Project Rt-Ac68U Firmware.

Vulnerability Description

Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Asuswrt-Merlin Project	Rt-Ac5300 Firmware	<= 3.0.0.4.380.7743
Asuswrt-Merlin Project	Rt-Ac5300	-
Asuswrt-Merlin Project	Rt Ac1900P Firmware	<= 3.0.0.4.380.7743
Asuswrt-Merlin Project	Rt Ac1900P	-
Asuswrt-Merlin Project	Rt-Ac68U Firmware	<= 3.0.0.4.380.7743
Asuswrt-Merlin Project	Rt-Ac68U	-
Asuswrt-Merlin Project	Rt-Ac68P Firmware	<= 3.0.0.4.380.7743
Asuswrt-Merlin Project	Rt-Ac68P	-
Asuswrt-Merlin Project	Rt-Ac88U Firmware	<= 3.0.0.4.380.7743
Asuswrt-Merlin Project	Rt-Ac88U	-
Asuswrt-Merlin Project	Rt-Ac66U Firmware	<= 3.0.0.4.380.7743
Asuswrt-Merlin Project	Rt-Ac66U	-
Asuswrt-Merlin Project	Rt-Ac66U B1 Firmware	<= 3.0.0.4.380.7743
Asuswrt-Merlin Project	Rt-Ac66U B1	-
Asuswrt-Merlin Project	Rt-Ac58U Firmware	<= 3.0.0.4.380.7485
Asuswrt-Merlin Project	Rt-Ac58U	-
Asuswrt-Merlin Project	Rt-Ac56U Firmware	<= 3.0.0.4.380.7743
Asuswrt-Merlin Project	Rt-Ac56U	-
Asuswrt-Merlin Project	Rt-Ac55U Firmware	<= 3.0.0.4.380.7378
Asuswrt-Merlin Project	Rt-Ac55U	-

Related Weaknesses (CWE)

CWE-119

References

http://www.openwall.com/lists/oss-security/2017/07/13/1ExploitMailing ListThird Party Advisory
https://asuswrt.lostrealm.ca/changelog
http://www.openwall.com/lists/oss-security/2017/07/13/1ExploitMailing ListThird Party Advisory
https://asuswrt.lostrealm.ca/changelog

FAQ

What is CVE-2017-11420?

CVE-2017-11420 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-A...

How severe is CVE-2017-11420?

CVE-2017-11420 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-11420?

Check the references section above for vendor advisories and patch information. Affected products include: Asuswrt-Merlin Project Rt-Ac5300 Firmware, Asuswrt-Merlin Project Rt-Ac5300, Asuswrt-Merlin Project Rt Ac1900P Firmware, Asuswrt-Merlin Project Rt Ac1900P , Asuswrt-Merlin Project Rt-Ac68U Firmware.