Vulnerabilities > CVE-2018-5721 - Out-of-bounds Write vulnerability in Asuswrt-Merlin

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

asuswrt-merlin

CWE-787

NVD

Published: 2018-01-17

Updated: 2020-08-24

Summary

Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.

Vulnerable Configurations

Part	Description	Count
OS	Asuswrt-Merlin Asuswrt Merlin Asuswrt Merlin 380.66 Asuswrt Merlin Asuswrt Merlin 380.66_2 Asuswrt Merlin Asuswrt Merlin 380.66_4 Asuswrt Merlin Asuswrt Merlin 380.66_6 Asuswrt Merlin Asuswrt Merlin 380.67 Asuswrt Merlin Asuswrt Merlin 380.68 Asuswrt Merlin Asuswrt Merlin 380.68_2 Asuswrt Merlin Asuswrt Merlin 380.68_4 Asuswrt Merlin Asuswrt Merlin 380.69 Asuswrt Merlin Asuswrt Merlin 380.69_2 Asuswrt Merlin Asuswrt Merlin 380.70 Asuswrt Merlin Asuswrt Merlin 382.1 Asuswrt Merlin Asuswrt Merlin 382.1_2	13

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://www.w0lfzhang.com/2018/01/17/ASUS-router-stack-overflow-in-http-server/