Multiple vulnerabilities in Asus RT



Published: 2017-05-11
Risk High
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2017-6547
CVE-2017-6549
CVE-2017-6548
CWE-ID CWE-79
CWE-592
CWE-121
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
RT-AC53
Hardware solutions / Routers for home users

RT-N600
Hardware solutions / Routers for home users

RT-N300
Hardware solutions / Routers for home users

RT-N66W
Hardware solutions / Routers for home users

RT-N66U
Hardware solutions / Routers for home users

RT-N66R
Hardware solutions / Routers for home users

RT-N56U
Hardware solutions / Routers for home users

RT-N16
Hardware solutions / Routers for home users

RT-N12E
Hardware solutions / Routers for home users

RT-N12+
Hardware solutions / Routers for home users

RT-N12
Hardware solutions / Routers for home users

RT-N11P
Hardware solutions / Routers for home users

RT-AC5300
Hardware solutions / Routers for home users

RT-AC3200
Hardware solutions / Routers for home users

RT-AC3100
Hardware solutions / Routers for home users

RT-AC1750
Hardware solutions / Routers for home users

RT-AC1200
Hardware solutions / Routers for home users

RT-AC88U
Hardware solutions / Routers for home users

RT-AC87U
Hardware solutions / Routers for home users

RT-AC87R
Hardware solutions / Routers for home users

RT-AC68R
Hardware solutions / Routers for home users

RT-AC68P
Hardware solutions / Routers for home users

RT-AC68W
Hardware solutions / Routers for home users

RT-AC66W
Hardware solutions / Routers for home users

RT-AC68UF
Hardware solutions / Routers for home users

RT-AC68U
Hardware solutions / Routers for home users

RT-AC66U
Hardware solutions / Routers for home users

RT-AC56U
Hardware solutions / Routers for home users

RT-AC56S
Hardware solutions / Routers for home users

RT-AC56R
Hardware solutions / Routers for home users

RT-AC55U
Hardware solutions / Routers for home users

RT-AC52U B1
Hardware solutions / Routers for home users

RT-AC51U
Hardware solutions / Routers for home users

Vendor Asus

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU6513

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-6547

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability is caused by incorrect filtration of input data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RT-AC53: 3.0.0.4.380.6038

RT-N600: All versions

RT-N300: All versions

RT-N66W: All versions

RT-N66U: B1

RT-N66R: All versions

RT-N56U: All versions

RT-N16: All versions

RT-N12E: All versions

RT-N12+: All versions

RT-N12: D1

RT-N11P: All versions

RT-AC5300: All versions

RT-AC3200: All versions

RT-AC3100: All versions

RT-AC1750: All versions

RT-AC1200: All versions

RT-AC88U: All versions

RT-AC87U: All versions

RT-AC87R: All versions

RT-AC68R: All versions

RT-AC68P: All versions

RT-AC68W: All versions

RT-AC66W: All versions

RT-AC68UF: All versions

RT-AC68U: All versions

RT-AC66U: All versions

RT-AC56U: All versions

RT-AC56S: All versions

RT-AC56R: All versions

RT-AC55U: All versions

RT-AC52U B1: All versions

RT-AC51U: All versions


CPE2.3 External links

http://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Session hijacking

EUVDB-ID: #VU6514

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-6549

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: Yes

Description

The vulnerability allows a remote unauthenticated user to hijack any active admin session.

The weakness exists due to improper input validation. A remote attacker can send cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers and gain the session cookies to hijack the valid user's session.

Successful exploitation of the vulnerability leads to session steal.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RT-AC53: 3.0.0.4.380.6038

RT-N600: All versions

RT-N300: All versions

RT-N66W: All versions

RT-N66U: B1

RT-N66R: All versions

RT-N56U: All versions

RT-N16: All versions

RT-N12E: All versions

RT-N12+: All versions

RT-N12: D1

RT-N11P: All versions

RT-AC5300: All versions

RT-AC3200: All versions

RT-AC3100: All versions

RT-AC1750: All versions

RT-AC1200: All versions

RT-AC88U: All versions

RT-AC87U: All versions

RT-AC87R: All versions

RT-AC68R: All versions

RT-AC68P: All versions

RT-AC68W: All versions

RT-AC66W: All versions

RT-AC68UF: All versions

RT-AC68U: All versions

RT-AC66U: All versions

RT-AC56U: All versions

RT-AC56S: All versions

RT-AC56R: All versions

RT-AC55U: All versions

RT-AC52U B1: All versions

RT-AC51U: All versions


CPE2.3 External links

http://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Stack-based buffer overflow

EUVDB-ID: #VU6515

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-6548

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can send a specially crafted multicast messages containing a long host or port, trigger memory corruption, gain control over networkmap’s control flow and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability result in arbitrary code execution.

Mitigation

Install update from vendor's website.

Vulnerable software versions

RT-AC53: 3.0.0.4.380.6038

RT-N600: All versions

RT-N300: All versions

RT-N66W: All versions

RT-N66U: B1

RT-N66R: All versions

RT-N56U: All versions

RT-N16: All versions

RT-N12E: All versions

RT-N12+: All versions

RT-N12: D1

RT-N11P: All versions

RT-AC5300: All versions

RT-AC3200: All versions

RT-AC3100: All versions

RT-AC1750: All versions

RT-AC1200: All versions

RT-AC88U: All versions

RT-AC87U: All versions

RT-AC87R: All versions

RT-AC68R: All versions

RT-AC68P: All versions

RT-AC68W: All versions

RT-AC66W: All versions

RT-AC68UF: All versions

RT-AC68U: All versions

RT-AC66U: All versions

RT-AC56U: All versions

RT-AC56S: All versions

RT-AC56R: All versions

RT-AC55U: All versions

RT-AC52U B1: All versions

RT-AC51U: All versions


CPE2.3 External links

http://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###