CVE-2018-5721

Published: 17/01/2018 Updated: 24/08/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from github.com/RMerl/asuswrt-merlin) allows malicious users who are authenticated to the web interface to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked as long as it includes a "_wan_if" substring.
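The flaw described above is a length check that one branch of the code skips. The following is an added illustration of that bug class and its fix, not code from web.c or the asuswrt-merlin project; the 128-byte buffer size, the function name build_notify_cmd and the wan_unit parameter are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NOTIFY_CMD_MAX 128 /* assumed buffer size, for illustration only */

/* Assumed unsafe shape (comment only, not compiled): the length limit is
 * applied on one branch and skipped on the other.
 *   if (strstr(action_script, "_wan_if"))
 *       sprintf(notify_cmd, "...%s...", action_script);        // unbounded
 *   else
 *       strncpy(notify_cmd, action_script, sizeof(notify_cmd));
 */

/* Hardened form: both branches share one bounded formatter, and truncation
 * is an error. Returns 0 on success, -1 if input is missing or does not fit. */
int build_notify_cmd(char *dst, size_t dstsz,
                     const char *action_script, const char *wan_unit)
{
    static const char marker[] = "_wan_if";
    const char *rest;
    int n;

    if (!dst || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (!action_script || !wan_unit || strlen(action_script) >= dstsz)
        return -1;
    rest = strstr(action_script, marker);
    if (rest) {
        rest += sizeof(marker) - 1;
        n = snprintf(dst, dstsz, "%.*s %s%s",
                     (int)(rest - action_script), action_script, wan_unit, rest);
    } else {
        n = snprintf(dst, dstsz, "%s", action_script);
    }
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0'; /* never hand a truncated command to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    char cmd[NOTIFY_CMD_MAX];
    int rc = build_notify_cmd(cmd, sizeof(cmd), "restart_wan_if", "0");
    printf("rc=%d cmd=\"%s\"\n", rc, cmd);
    return 0;
}
```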

Vulnerable Product

asuswrt-merlin asuswrt-merlin

Github Repositories

Some Bugs

Publishing some bugs (already patched) found by me and exploits written by me (tagged).

Bugs and links:
Sonicwall SMA RCE (writing exp): github.com/w0lfzhang/some_iot_bugs/tree/master/Sonicwall-CVE-2019-7482
Cisco RV34x RCE: github.com/w0lfzhang/some_iot_bugs/tree/master/Cisco-RV34x-RCE
H3C ERg2 RCE: github.com/w0lfzhang/some_iot_bugs/tree/ma