9.8
CRITICAL
CVE-2017-11420
ASUS Stack-Based Buffer Overflow Vulnerability
Description

Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.

INFO

Published Date :

July 18, 2017, 5:29 a.m.

Last Modified :

Nov. 21, 2024, 3:07 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Affected Products

The following products are affected by CVE-2017-11420 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Asuswrt-merlin_project rt-ac5300_firmware
2 Asuswrt-merlin_project rt_ac1900p_firmware
3 Asuswrt-merlin_project rt-ac68u_firmware
4 Asuswrt-merlin_project rt-ac68p_firmware
5 Asuswrt-merlin_project rt-ac88u_firmware
6 Asuswrt-merlin_project rt-ac66u_firmware
7 Asuswrt-merlin_project rt-ac66u_b1_firmware
8 Asuswrt-merlin_project rt-ac58u_firmware
9 Asuswrt-merlin_project rt-ac56u_firmware
10 Asuswrt-merlin_project rt-ac55u_firmware
11 Asuswrt-merlin_project rt-ac52u_firmware
12 Asuswrt-merlin_project rt-ac51u_firmware
13 Asuswrt-merlin_project rt-n18u_firmware
14 Asuswrt-merlin_project rt-n66u_firmware
15 Asuswrt-merlin_project rt-n56u_firmware
16 Asuswrt-merlin_project rt-ac3200_firmware
17 Asuswrt-merlin_project rt-ac3100_firmware
18 Asuswrt-merlin_project rt_ac1200gu_firmware
19 Asuswrt-merlin_project rt_ac1200g_firmware
20 Asuswrt-merlin_project rt-ac1200_firmware
21 Asuswrt-merlin_project rt-ac53_firmware
22 Asuswrt-merlin_project rt-n12hp_firmware
23 Asuswrt-merlin_project rt-n12hp_b1_firmware
24 Asuswrt-merlin_project rt-n12d1_firmware
25 Asuswrt-merlin_project rt-n12\+_firmware
26 Asuswrt-merlin_project rt_n12\+_pro_firmware
27 Asuswrt-merlin_project rt-n16_firmware
28 Asuswrt-merlin_project rt-n300_firmware
29 Asuswrt-merlin_project rt-ac5300
30 Asuswrt-merlin_project rt_ac1900p_
31 Asuswrt-merlin_project rt-ac68u
32 Asuswrt-merlin_project rt-ac68p
33 Asuswrt-merlin_project rt-ac88u
34 Asuswrt-merlin_project rt-ac66u_b1
35 Asuswrt-merlin_project rt-ac56u
36 Asuswrt-merlin_project rt-ac3200
37 Asuswrt-merlin_project rt-ac3100
38 Asuswrt-merlin_project rt-ac66u
39 Asuswrt-merlin_project rt-ac58u
40 Asuswrt-merlin_project rt-ac55u
41 Asuswrt-merlin_project rt-ac52u
42 Asuswrt-merlin_project rt-ac51u
43 Asuswrt-merlin_project rt-n18u
44 Asuswrt-merlin_project rt-n66u
45 Asuswrt-merlin_project rt-n56u
46 Asuswrt-merlin_project rt_ac1200gu
47 Asuswrt-merlin_project rt_ac1200g
48 Asuswrt-merlin_project rt-ac1200
49 Asuswrt-merlin_project rt-ac53
50 Asuswrt-merlin_project rt-n12hp
51 Asuswrt-merlin_project rt-n12hp_b1
52 Asuswrt-merlin_project rt-n12d1
53 Asuswrt-merlin_project rt-n12\+
54 Asuswrt-merlin_project rt_n12\+_pro
55 Asuswrt-merlin_project rt-n16
56 Asuswrt-merlin_project rt-n300
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-11420.

URL Resource
http://www.openwall.com/lists/oss-security/2017/07/13/1 Exploit Mailing List Third Party Advisory
https://asuswrt.lostrealm.ca/changelog
http://www.openwall.com/lists/oss-security/2017/07/13/1 Exploit Mailing List Third Party Advisory
https://asuswrt.lostrealm.ca/changelog

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-11420 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2017-11420 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Dec. 20, 2017

    Action Type Old Value New Value
    Added Reference https://asuswrt.lostrealm.ca/changelog [No Types Assigned]
  • Initial Analysis by [email protected]

    Jul. 26, 2017

    Action Type Old Value New Value
    Added CVSS V2 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type http://www.openwall.com/lists/oss-security/2017/07/13/1 No Types Assigned http://www.openwall.com/lists/oss-security/2017/07/13/1 Exploit, Mailing List, Third Party Advisory
    Added CWE CWE-119
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac5300_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac5300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt_ac1900p_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt_ac1900p_:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac68u_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac68u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac68p_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac68p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac88u_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac88u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac66u_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac66u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac66u_b1_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac66u_b1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac58u_firmware:3.0.0.4.380.7485:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac58u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac56u_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac56u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac55u_firmware:3.0.0.4.380.7378:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac55u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac52u_firmware:3.0.0.4.380.4180:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac52u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac51u_firmware:3.0.0.4.380.7378:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac51u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n18u_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n18u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n66u_firmware:3.0.0.4.380.7378:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n66u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n56u_firmware:3.0.0.4.378.7177:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n56u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac3200_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac3200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac3100_firmware:3.0.0.4.380.7743:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac3100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt_ac1200gu_firmware:3.0.0.4.380.5577:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt_ac1200gu:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt_ac1200g_firmware:3.0.0.4.380.3167:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt_ac1200g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac1200_firmware:3.0.0.4.380.9880:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac1200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-ac53_firmware:3.0.0.4.380.9883:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-ac53:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n12hp_firmware:3.0.0.4.380.2943:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n12hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n12hp_b1_firmware:3.0.0.4.380.3479:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n12hp_b1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n12d1_firmware:3.0.0.4.380.7378:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n12d1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n12\+_firmware:3.0.0.4.380.7378:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n12\+:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt_n12\+_pro_firmware:3.0.0.4.380.9880:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt_n12\+_pro:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n16_firmware:3.0.0.4.380.7378:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n16:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:asuswrt-merlin_project:rt-n300_firmware:3.0.0.4.380.7378:*:*:*:*:*:*:* (and previous) OR cpe:2.3:h:asuswrt-merlin_project:rt-n300:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

3.84 }} 0.68%

score

0.91599

percentile

CVSS30 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability