← Back

CVE-2017-12754

nvd nist
Published: Aug 9, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.

Affected (1)

Asuswrt Merlin
1 product
Asuswrt Merlin
Configuration A
1 vulnerable · 28 platform
Vulnerable SoftwareAffected Versions
Asuswrt Merlin
Up to 380.67
Running on/withPlatform Versions
Asuswrt Merlin
Rt Ac1200
All versions
Asuswrt Merlin
Rt Ac3100
All versions
Asuswrt Merlin
Rt Ac3200
All versions
Asuswrt Merlin
Rt Ac51u
All versions
Asuswrt Merlin
Rt Ac52u
All versions
Asuswrt Merlin
Rt Ac53
All versions
Asuswrt Merlin
Rt Ac5300
All versions
Asuswrt Merlin
Rt Ac55u
All versions
Asuswrt Merlin
Rt Ac56u
All versions
Asuswrt Merlin
Rt Ac58u
All versions
Asuswrt Merlin
Rt Ac66u
All versions
Asuswrt Merlin
Rt Ac66u B1
All versions
Asuswrt Merlin
Rt Ac68p
All versions
Asuswrt Merlin
Rt Ac68u
All versions
Asuswrt Merlin
Rt Ac88u
All versions
Asuswrt Merlin
Rt N12+
All versions
Asuswrt Merlin
Rt N12d1
All versions
Asuswrt Merlin
Rt N12hp
All versions
Asuswrt Merlin
Rt N12hp B1
All versions
Asuswrt Merlin
Rt N16
All versions
Asuswrt Merlin
Rt N18u
All versions
Asuswrt Merlin
Rt N300
All versions
Asuswrt Merlin
Rt N56u
All versions
Asuswrt Merlin
Rt N66u
All versions
Asuswrt Merlin
Rt Ac1200g
All versions
Asuswrt Merlin
Rt Ac1200gu
All versions
Asuswrt Merlin
Rt Ac1900p
All versions
Asuswrt Merlin
Rt N12+ Pro
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.