CVE-2017-11345
Last modified
CVE-2017-11345 is a vulnerability of currently unknown severity. Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response.. EPSS estimates a 1.85% chance of exploitation in the next 30 days.
Description
Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Asuswrt-Merlin Project | Rt-Ac5300 Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt Ac1900p Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-Ac68u Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-Ac68p Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-Ac88u Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-Ac66u Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-Ac66u B1 Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-Ac58u Firmware | <= 3.0.0.4.380.7485 |
| Asuswrt-Merlin Project | Rt-Ac56u Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-Ac55u Firmware | <= 3.0.0.4.380.7378 |
| Asuswrt-Merlin Project | Rt-Ac52u Firmware | <= 3.0.0.4.380.4180 |
| Asuswrt-Merlin Project | Rt-Ac51u Firmware | <= 3.0.0.4.380.7378 |
| Asuswrt-Merlin Project | Rt-N18u Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-N66u Firmware | <= 3.0.0.4.380.7378 |
| Asuswrt-Merlin Project | Rt-N56u Firmware | <= 3.0.0.4.378.7177 |
| Asuswrt-Merlin Project | Rt-Ac3200 Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt-Ac3100 Firmware | <= 3.0.0.4.380.7743 |
| Asuswrt-Merlin Project | Rt Ac1200gu Firmware | <= 3.0.0.4.380.5577 |
| Asuswrt-Merlin Project | Rt Ac1200g Firmware | <= 3.0.0.4.380.3167 |
| Asuswrt-Merlin Project | Rt-Ac1200 Firmware | <= 3.0.0.4.380.9880 |
| Asuswrt-Merlin Project | Rt-Ac53 Firmware | <= 3.0.0.4.380.9883 |
| Asuswrt-Merlin Project | Rt-N12hp Firmware | <= 3.0.0.4.380.2943 |
| Asuswrt-Merlin Project | Rt-N12hp B1 Firmware | <= 3.0.0.4.380.3479 |
| Asuswrt-Merlin Project | Rt-N12d1 Firmware | <= 3.0.0.4.380.7378 |
| Asuswrt-Merlin Project | Rt-N12\+ Firmware | <= 3.0.0.4.380.7378 |
| Asuswrt-Merlin Project | Rt N12\+ Pro Firmware | <= 3.0.0.4.380.9880 |
| Asuswrt-Merlin Project | Rt-N16 Firmware | <= 3.0.0.4.380.7378 |
| Asuswrt-Merlin Project | Rt-N300 Firmware | <= 3.0.0.4.380.7378 |
References
- http://www.openwall.com/lists/oss-security/2017/07/14/3Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2017/07/14/3Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-11345?
How severe is CVE-2017-11345?
How do I fix CVE-2017-11345?
Are you affected by CVE-2017-11345?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST