#VU6515 Stack-based buffer overflow in Asus products - CVE-2017-6548

 

Published: May 11, 2017 / Updated: September 14, 2018


Vulnerability identifier: #VU6515
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-6548
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
RT-AC53
RT-N600
RT-N300
RT-N66W
RT-N66U
RT-N66R
RT-N56U
RT-N16
RT-N12E
RT-N12+
RT-N12
RT-N11P
RT-AC5300
RT-AC3200
RT-AC3100
RT-AC1750
RT-AC1200
RT-AC88U
RT-AC87U
RT-AC87R
RT-AC68R
RT-AC68P
RT-AC68W
RT-AC66W
RT-AC68UF
RT-AC68U
RT-AC66U
RT-AC56U
RT-AC56S
RT-AC56R
RT-AC55U
RT-AC52U B1
RT-AC51U
Software vendor:
Asus

Description

The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow. A remote attacker can send specially crafted multicast messages containing a long host or port, trigger memory corruption, gain control over networkmap’s control flow and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.
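
The description attributes the overflow to an over-long host or port field placed in a stack buffer. As an added illustration (not Asus or networkmap code; the function names, buffer sizes and the `host:port` input form are assumptions), this C routine checks each field's length against its destination buffer and rejects the message before copying anything oversized:

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes for this example, not taken from networkmap. */
#define HOST_MAX 64 /* includes NUL */
#define PORT_MAX 6  /* "65535" + NUL */

/* Bounded copy that rejects an oversized field instead of truncating it. */
static int copy_field(char *dst, size_t dst_sz, const char *src, size_t len)
{
    if (len == 0 || len >= dst_sz)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Split untrusted "host:port" into fixed buffers; 0 on success, -1 on any
 * missing or oversized field or a port outside 1..65535. */
int parse_host_port(const char *msg, char *host, size_t host_sz,
                    char *port, size_t port_sz)
{
    const char *colon = strchr(msg, ':');
    if (colon == NULL)
        return -1;
    if (copy_field(host, host_sz, msg, (size_t)(colon - msg)) != 0)
        return -1;
    const char *p = colon + 1;
    size_t plen = strspn(p, "0123456789");
    if (p[plen] != '\0' || copy_field(port, port_sz, p, plen) != 0)
        return -1;
    unsigned long v = 0; /* 5 digits at most when port_sz is PORT_MAX */
    for (size_t i = 0; i < plen; i++)
        v = v * 10 + (unsigned long)(port[i] - '0');
    return (v >= 1 && v <= 65535) ? 0 : -1;
}

int main(void)
{
    char host[HOST_MAX], port[PORT_MAX], big[300];
    memset(big, 'A', 256); /* constructed oversized host */
    memcpy(big + 256, ":80", 4);
    printf("%d %d\n",
           parse_host_port("192.168.1.1:1900", host, sizeof host, port, sizeof port),
           parse_host_port(big, host, sizeof host, port, sizeof port));
    return 0;
}
```

Rejecting rather than truncating keeps a malformed message from being processed with a partially copied host or port.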


Remediation

Install the update from the vendor's website.
