CVE-2018-20336

Published: Sep 17, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.

Affected (1)

Products: Asus: Asuswrt Merlin

Asus

1 product

Asuswrt Merlin

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Asuswrt Merlin	Version 3.0.0.4.384.20308

Running on/with	Platform Versions
Asus Rt Ac68u	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://starlabs.sg/advisories/18-20336/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.asus.com/Networking/RT-AC1200G-plus/HelpDesk_BIOS/

Source: cve@mitre.org

https://starlabs.sg/advisories/18-20336/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.asus.com/Networking/RT-AC1200G-plus/HelpDesk_BIOS/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.