← Back

CVE-2017-11344

nvd nist
Published: Jul 17, 2017Modified: May 13, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.

Affected (28)

Asuswrt Merlin Project
28 products
Rt Ac5300 Firmware
Rt Ac1900p Firmware
Rt Ac68u Firmware
Rt Ac68p Firmware
Rt Ac88u Firmware
Rt Ac66u Firmware
Rt Ac66u B1 Firmware
Rt Ac58u Firmware
Rt Ac56u Firmware
Rt Ac55u Firmware
Rt Ac52u Firmware
Rt Ac51u Firmware
Rt N18u Firmware
Rt N66u Firmware
Rt N56u Firmware
Rt Ac3200 Firmware
Rt Ac3100 Firmware
Rt Ac1200gu Firmware
Rt Ac1200g Firmware
Rt Ac1200 Firmware
Rt Ac53 Firmware
Rt N12hp Firmware
Rt N12hp B1 Firmware
Rt N12d1 Firmware
Rt N12+ Firmware
Rt N12+ Pro Firmware
Rt N16 Firmware
Rt N300 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac5300 Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac5300
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac1900p Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac1900p
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac68u Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac68u
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac68p Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac68p
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac88u Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac88u
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac66u Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac66u
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac66u B1 Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac66u B1
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac58u Firmware
Up to 3.0.0.4.380.7485
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac58u
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac56u Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac56u
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac55u Firmware
Up to 3.0.0.4.380.7378
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac55u
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac52u Firmware
Up to 3.0.0.4.380.4180
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac52u
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac51u Firmware
Up to 3.0.0.4.380.7378
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac51u
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N18u Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N18u
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N66u Firmware
Up to 3.0.0.4.380.7378
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N66u
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N56u Firmware
Up to 3.0.0.4.378.7177
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N56u
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac3200 Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac3200
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac3100 Firmware
Up to 3.0.0.4.380.7743
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac3100
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac1200gu Firmware
Up to 3.0.0.4.380.5577
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac1200gu
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac1200g Firmware
Up to 3.0.0.4.380.3167
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac1200g
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac1200 Firmware
Up to 3.0.0.4.380.9880
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac1200
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ac53 Firmware
Up to 3.0.0.4.380.9883
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt Ac53
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N12hp Firmware
Up to 3.0.0.4.380.2943
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N12hp
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N12hp B1 Firmware
Up to 3.0.0.4.380.3479
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N12hp B1
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N12d1 Firmware
Up to 3.0.0.4.380.7378
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N12d1
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N12+ Firmware
Up to 3.0.0.4.380.7378
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N12+
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N12+ Pro Firmware
Up to 3.0.0.4.380.9880
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N12+ Pro
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N16 Firmware
Up to 3.0.0.4.380.7378
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N16
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt N300 Firmware
Up to 3.0.0.4.380.7378
Running on/withPlatform Versions
Asuswrt Merlin Project
Rt N300
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.