CVE-2013-6343

Published: Jan 22, 2014Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.

Affected (3)

Products: Asus: Tm Ac1900 Firmware, Rt N56u Firmware, Rt Ac66u Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Tm Ac1900 Firmware	Version 3.0.0.4..374_979

Running on/with	Platform Versions
Asus Tm Ac1900	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Rt N56u Firmware	Version 3.0.0.4..374_979

Running on/with	Platform Versions
Asus Rt N56u	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Rt Ac66u Firmware	Version 3.0.0.4..374_979

Running on/with	Platform Versions
Asus Rt Ac66u	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html

Source: cve@mitre.org

Exploit

http://osvdb.org/102267

Source: cve@mitre.org

http://www.exploit-db.com/exploits/31033

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/65046

Source: cve@mitre.org

https://support.t-mobile.com/docs/DOC-21994

Source: cve@mitre.org

http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html