Multiple vulnerabilities in Asus RT
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-6547 CVE-2017-6549 CVE-2017-6548 |
| CWE-ID | CWE-79 CWE-592 CWE-121 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
RT-AC53 Hardware solutions / Routers for home users RT-N600 Hardware solutions / Routers for home users RT-N300 Hardware solutions / Routers for home users RT-N66W Hardware solutions / Routers for home users RT-N66U Hardware solutions / Routers for home users RT-N66R Hardware solutions / Routers for home users RT-N56U Hardware solutions / Routers for home users RT-N16 Hardware solutions / Routers for home users RT-N12E Hardware solutions / Routers for home users RT-N12+ Hardware solutions / Routers for home users RT-N12 Hardware solutions / Routers for home users RT-N11P Hardware solutions / Routers for home users RT-AC5300 Hardware solutions / Routers for home users RT-AC3200 Hardware solutions / Routers for home users RT-AC3100 Hardware solutions / Routers for home users RT-AC1750 Hardware solutions / Routers for home users RT-AC1200 Hardware solutions / Routers for home users RT-AC88U Hardware solutions / Routers for home users RT-AC87U Hardware solutions / Routers for home users RT-AC87R Hardware solutions / Routers for home users RT-AC68R Hardware solutions / Routers for home users RT-AC68P Hardware solutions / Routers for home users RT-AC68W Hardware solutions / Routers for home users RT-AC66W Hardware solutions / Routers for home users RT-AC68UF Hardware solutions / Routers for home users RT-AC68U Hardware solutions / Routers for home users RT-AC66U Hardware solutions / Routers for home users RT-AC56U Hardware solutions / Routers for home users RT-AC56S Hardware solutions / Routers for home users RT-AC56R Hardware solutions / Routers for home users RT-AC55U Hardware solutions / Routers for home users RT-AC52U B1 Hardware solutions / Routers for home users RT-AC51U Hardware solutions / Routers for home users |
| Vendor | Asus |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU6513
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-6547
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability is caused by incorrect filtration of input data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
RT-AC53: - - 3.0.0.4.380.6038
RT-N600: All versions
RT-N300: All versions
RT-N66W: All versions
RT-N66U: B1
RT-N66R: All versions
RT-N56U: All versions
RT-N16: All versions
RT-N12E: All versions
RT-N12+: All versions
RT-N12: D1
RT-N11P: All versions
RT-AC5300: All versions
RT-AC3200: All versions
RT-AC3100: All versions
RT-AC1750: All versions
RT-AC1200: All versions
RT-AC88U: All versions
RT-AC87U: All versions
RT-AC87R: All versions
RT-AC68R: All versions
RT-AC68P: All versions
RT-AC68W: All versions
RT-AC66W: All versions
RT-AC68UF: All versions
RT-AC68U: All versions
RT-AC66U: All versions
RT-AC56U: All versions
RT-AC56S: All versions
RT-AC56R: All versions
RT-AC55U: All versions
RT-AC52U B1: All versions
RT-AC51U: All versions
CPE2.3- cpe:2.3:h:asus:rt-ac53:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac53:3.0.0.4.380.6038:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n600:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n300:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66u:B1:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n56u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n16:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12e:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12_plus:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12:D1:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n11p:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac5300:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac3200:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac3100:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac1750:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac1200:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac88u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac87u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac87r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68p:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac66w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68uf:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac66u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56s:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac55u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac52u_b1:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac51u:*:*:*:*:*:*:*:*
https://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Session hijacking
EUVDB-ID: #VU6514
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-6549
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: Yes
DescriptionThe vulnerability allows a remote unauthenticated user to hijack any active admin session.
The weakness exists due to improper input validation. A remote attacker can send cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers and gain the session cookies to hijack the valid user's session.
Successful exploitation of the vulnerability leads to session steal.
MitigationInstall update from vendor's website.
RT-AC53: - - 3.0.0.4.380.6038
RT-N600: All versions
RT-N300: All versions
RT-N66W: All versions
RT-N66U: B1
RT-N66R: All versions
RT-N56U: All versions
RT-N16: All versions
RT-N12E: All versions
RT-N12+: All versions
RT-N12: D1
RT-N11P: All versions
RT-AC5300: All versions
RT-AC3200: All versions
RT-AC3100: All versions
RT-AC1750: All versions
RT-AC1200: All versions
RT-AC88U: All versions
RT-AC87U: All versions
RT-AC87R: All versions
RT-AC68R: All versions
RT-AC68P: All versions
RT-AC68W: All versions
RT-AC66W: All versions
RT-AC68UF: All versions
RT-AC68U: All versions
RT-AC66U: All versions
RT-AC56U: All versions
RT-AC56S: All versions
RT-AC56R: All versions
RT-AC55U: All versions
RT-AC52U B1: All versions
RT-AC51U: All versions
CPE2.3- cpe:2.3:h:asus:rt-ac53:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac53:3.0.0.4.380.6038:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n600:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n300:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66u:B1:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n56u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n16:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12e:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12_plus:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12:D1:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n11p:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac5300:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac3200:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac3100:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac1750:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac1200:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac88u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac87u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac87r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68p:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac66w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68uf:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac66u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56s:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac55u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac52u_b1:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac51u:*:*:*:*:*:*:*:*
https://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Stack-based buffer overflow
EUVDB-ID: #VU6515
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-6548
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow. A remote attacker can send a specially crafted multicast messages containing a long host or port, trigger memory corruption, gain control over networkmap’s control flow and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability result in arbitrary code execution.
MitigationInstall update from vendor's website.
RT-AC53: - - 3.0.0.4.380.6038
RT-N600: All versions
RT-N300: All versions
RT-N66W: All versions
RT-N66U: B1
RT-N66R: All versions
RT-N56U: All versions
RT-N16: All versions
RT-N12E: All versions
RT-N12+: All versions
RT-N12: D1
RT-N11P: All versions
RT-AC5300: All versions
RT-AC3200: All versions
RT-AC3100: All versions
RT-AC1750: All versions
RT-AC1200: All versions
RT-AC88U: All versions
RT-AC87U: All versions
RT-AC87R: All versions
RT-AC68R: All versions
RT-AC68P: All versions
RT-AC68W: All versions
RT-AC66W: All versions
RT-AC68UF: All versions
RT-AC68U: All versions
RT-AC66U: All versions
RT-AC56U: All versions
RT-AC56S: All versions
RT-AC56R: All versions
RT-AC55U: All versions
RT-AC52U B1: All versions
RT-AC51U: All versions
CPE2.3- cpe:2.3:h:asus:rt-ac53:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac53:3.0.0.4.380.6038:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n600:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n300:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66u:B1:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n66r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n56u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n16:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12e:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12_plus:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n12:D1:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-n11p:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac5300:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac3200:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac3100:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac1750:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac1200:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac88u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac87u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac87r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68p:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac66w:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68uf:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac66u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56s:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac56r:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac55u:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac52u_b1:*:*:*:*:*:*:*:*
- cpe:2.3:h:asus:rt-ac51u:*:*:*:*:*:*:*:*
https://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
