Remote code execution in Asus routers

Published: 2017-09-12
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-12754
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Hardware solutions / Firmware

Vendor Asus

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Stack-based buffer overflow

EUVDB-ID: #VU11222

Risk: High


CVE-ID: CVE-2017-12754

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No


The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists in the httpd daemon due to improper processing of crafted HTTP GET request packets. A remote attacker can send a specially crafted HTTP GET request that contains a long delete_offline_client parameter, trigger a stack-based buffer overflow and execute arbitrary code.


Install update from vendor's website.

Vulnerable software versions

AsusWRT: 380.60 - 380.68

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?