Vulnerabilities > CVE-2018-8879 - Out-of-bounds Write vulnerability in Asus Rt-Ac66U Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

asus

CWE-787

NVD

Published: 2019-11-21

Updated: 2019-12-04

Summary

Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.

Vulnerable Configurations

Part	Description	Count
OS	Asus Asus RT Ac66U Firmware 3.0.0.4.140 Asus RT Ac66U Firmware 3.0.0.4.220 Asus RT Ac66U Firmware 3.0.0.4.246 Asus RT Ac66U Firmware 3.0.0.4.260 Asus RT Ac66U Firmware 3.0.0.4.270 Asus RT Ac66U Firmware 3.0.0.4.354 Asus RT Ac66U Firmware 3.0.0.4.372_67 Asus RT Ac66U Firmware 3.0.0.4.380.8228	8
Hardware	Asus Asus RT Ac66U -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References