critical
9.3
CWE
119
Advisory Published
Updated

CVE-2017-11344: Buffer Overflow

First published: Mon Jul 17 2017(Updated: )

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ASUS Asuswrt-Merlin<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC5300 firmware
Asuswrt-Merlin project RT-AC1900P<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC1900P firmware
Asuswrt-Merlin project RT-AC68U<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC68U firmware
ASUS Asuswrt-Merlin<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC68P firmware
ASUS Asuswrt-Merlin<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC88U firmware
ASUS Asuswrt-Merlin<=3.0.0.4.380.7743
Asuswrt-Merlin
Asuswrt-Merlin project RT-AC66U B1 firmware<=3.0.0.4.380.7743
Asuswrt-Merlin
Asuswrt-Merlin<=3.0.0.4.380.7485
Asuswrt-Merlin project RT-AC58U firmware
ASUS Asuswrt-Merlin<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC56U firmware
Asuswrt-Merlin project RT-AC55U<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-AC55U firmware
Asuswrt-Merlin project RT-AC52U<=3.0.0.4.380.4180
Asuswrt-Merlin
Asuswrt-Merlin project RT-AC51U<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-AC51U firmware
Asuswrt-Merlin project RT-N18U<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-N18U firmware
Asuswrt-Merlin project RT-N66U<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-N66U firmware
Asuswrt-Merlin project RT-N56U<=3.0.0.4.378.7177
Asuswrt-Merlin project RT-N56U firmware
Asuswrt-Merlin project RT-AC3200<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC3200 firmware
Asuswrt-Merlin project RT-AC3100<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC3100 firmware
Asuswrt-Merlin project rt AC1200GU<=3.0.0.4.380.5577
Asuswrt-Merlin project RT-AC1200GU firmware
Asuswrt-Merlin project rt AC1200G<=3.0.0.4.380.3167
Asuswrt-Merlin project rt AC1200G firmware
ASUS Asuswrt-Merlin<=3.0.0.4.380.9880
Asuswrt-Merlin project RT-AC1200 firmware
Asuswrt-Merlin project RT-AC53 firmware<=3.0.0.4.380.9883
Asuswrt-Merlin
Asuswrt-Merlin project RT-N12HP firmware<=3.0.0.4.380.2943
ASUS Asuswrt-Merlin
Asuswrt-Merlin<=3.0.0.4.380.3479
Asuswrt-Merlin project RT-N12HP B1 firmware
Asuswrt-Merlin project RT-N12D1<=3.0.0.4.380.7378
Asuswrt-Merlin RT-N12D1 firmware
Asuswrt-Merlin project RT-N12+ firmware<=3.0.0.4.380.7378
Asuswrt-Merlin
Asuswrt-Merlin project rt n12+ PRO firmware<=3.0.0.4.380.9880
Asuswrt-Merlin project RT-N12+ Pro
Asuswrt-Merlin project RT-N16<=3.0.0.4.380.7378
Asuswrt-Merlin RT-N16 firmware
Asuswrt-Merlin project RT-N300<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-N300 firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2017-11344?

    CVE-2017-11344 has been classified with a high severity level due to its potential for a global buffer overflow.

  • How do I fix CVE-2017-11344?

    To fix CVE-2017-11344, update the affected Asuswrt-Merlin firmware to the latest version available.

  • Which devices are affected by CVE-2017-11344?

    CVE-2017-11344 affects multiple ASUS devices running specific versions of Asuswrt-Merlin firmware.

  • What are the firmware versions vulnerable to CVE-2017-11344?

    Firmware versions up to and including 3.0.0.4.380.7743 are vulnerable to CVE-2017-11344.

  • Is CVE-2017-11344 publicly disclosed?

    Yes, CVE-2017-11344 has been publicly disclosed and is included in various advisory databases.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203