This security bulletin contains one high-risk vulnerability.
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the httpd daemon due to improper processing of crafted HTTP GET request packets. A remote attacker can send a specially crafted HTTP GET request that contains a long delete_offline_client parameter, trigger a stack-based buffer overflow and execute arbitrary code.
Mitigation
Install update from vendor's website.
Vulnerable software versions
AsusWRT: 380.60 - 380.68
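A stack-based overflow from an over-long request parameter, as in the description above, is avoided by rejecting any value that does not fit the destination buffer. The C code below is an added example, not AsusWRT code: the function name get_query_param, the VALUE_MAX size and the sample query strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 32   /* assumed buffer size; the bulletin does not state the real one */
enum { PARAM_MISSING = -1, PARAM_TOO_LONG = -2 };

/* Unsafe pattern, shown only for contrast:
 *     char buf[VALUE_MAX];
 *     strcpy(buf, value);    // a long value writes past buf on the stack
 */

/* Look up `name` in a query string such as "a=1&b=2" and copy its value to out.
 * Returns the value length, PARAM_MISSING, or PARAM_TOO_LONG (nothing is copied). */
int get_query_param(const char *query, const char *name, char *out, size_t out_sz)
{
    size_t name_len = strlen(name);
    const char *p = query;

    if (out_sz == 0)
        return PARAM_TOO_LONG;
    out[0] = '\0';
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t seg_len = end ? (size_t)(end - p) : strlen(p);
        /* match "name=" exactly, so "xname=" or "name2=" do not qualify */
        if (seg_len > name_len && strncmp(p, name, name_len) == 0 && p[name_len] == '=') {
            size_t val_len = seg_len - name_len - 1;
            if (val_len >= out_sz)          /* reject instead of truncating */
                return PARAM_TOO_LONG;
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return (int)val_len;
        }
        p = end ? end + 1 : NULL;
    }
    return PARAM_MISSING;
}

int main(void)
{
    char value[VALUE_MAX];
    /* constructed sample query, not taken from real traffic */
    int rc = get_query_param("action=apply&delete_offline_client=client-01",
                             "delete_offline_client", value, sizeof value);
    printf("rc=%d value=%s\n", rc, value);
    return 0;
}
```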
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?