What is the severity of CVE-2017-11345?

CVE-2017-11345 is classified as a high severity vulnerability due to the potential for remote code execution.

How do I fix CVE-2017-11345?

To fix CVE-2017-11345, update the Asuswrt-Merlin firmware to the latest version available that addresses this vulnerability.

What devices are affected by CVE-2017-11345?

CVE-2017-11345 affects various ASUS routers, including models RT-AC5300, RT-AC1900P, and RT-AC68U, among others.

What type of vulnerability is CVE-2017-11345?

CVE-2017-11345 is a stack buffer overflow vulnerability that can be exploited over the network.

Can CVE-2017-11345 be exploited remotely?

Yes, CVE-2017-11345 can be exploited remotely if the vulnerable firmware is exposed to an attacker.

Vulnerability/
CVE-2017-11345

high

7.8

CWE

119

17/7/2017

20/12/2017

CVE-2017-11345: Buffer Overflow

First published: Mon Jul 17 2017(Updated: )

Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC5300 firmware
Asuswrt-Merlin project RT-AC1900P	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC1900P firmware
Asuswrt-Merlin project RT-AC68U	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC68U firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC68P firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC88U firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin
Asuswrt-Merlin project RT-AC66U B1 firmware	<=3.0.0.4.380.7743
Asuswrt-Merlin
Asuswrt-Merlin	<=3.0.0.4.380.7485
Asuswrt-Merlin project RT-AC58U firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC56U firmware
Asuswrt-Merlin project RT-AC55U	<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-AC55U firmware
Asuswrt-Merlin project RT-AC52U	<=3.0.0.4.380.4180
Asuswrt-Merlin
Asuswrt-Merlin project RT-AC51U	<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-AC51U firmware
Asuswrt-Merlin project RT-N18U	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-N18U firmware
Asuswrt-Merlin project RT-N66U	<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-N66U firmware
Asuswrt-Merlin project RT-N56U	<=3.0.0.4.378.7177
Asuswrt-Merlin project RT-N56U firmware
Asuswrt-Merlin project RT-AC3200	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC3200 firmware
Asuswrt-Merlin project RT-AC3100	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC3100 firmware
Asuswrt-Merlin project rt AC1200GU	<=3.0.0.4.380.5577
Asuswrt-Merlin project RT-AC1200GU firmware
Asuswrt-Merlin project rt AC1200G	<=3.0.0.4.380.3167
Asuswrt-Merlin project rt AC1200G firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.9880
Asuswrt-Merlin project RT-AC1200 firmware
Asuswrt-Merlin project RT-AC53 firmware	<=3.0.0.4.380.9883
Asuswrt-Merlin
Asuswrt-Merlin project RT-N12HP firmware	<=3.0.0.4.380.2943
ASUS Asuswrt-Merlin
Asuswrt-Merlin	<=3.0.0.4.380.3479
Asuswrt-Merlin project RT-N12HP B1 firmware
Asuswrt-Merlin project RT-N12D1	<=3.0.0.4.380.7378
Asuswrt-Merlin RT-N12D1 firmware
Asuswrt-Merlin project RT-N12+ firmware	<=3.0.0.4.380.7378
Asuswrt-Merlin
Asuswrt-Merlin project rt n12+ PRO firmware	<=3.0.0.4.380.9880
Asuswrt-Merlin project RT-N12+ Pro
Asuswrt-Merlin project RT-N16	<=3.0.0.4.380.7378
Asuswrt-Merlin RT-N16 firmware
Asuswrt-Merlin project RT-N300	<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-N300 firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-11345?
CVE-2017-11345 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2017-11345?
To fix CVE-2017-11345, update the Asuswrt-Merlin firmware to the latest version available that addresses this vulnerability.
What devices are affected by CVE-2017-11345?
CVE-2017-11345 affects various ASUS routers, including models RT-AC5300, RT-AC1900P, and RT-AC68U, among others.
What type of vulnerability is CVE-2017-11345?
CVE-2017-11345 is a stack buffer overflow vulnerability that can be exploited over the network.
Can CVE-2017-11345 be exploited remotely?
Yes, CVE-2017-11345 can be exploited remotely if the vulnerable firmware is exposed to an attacker.

agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/description
agent/severity
agent/weakness
agent/author
agent/event
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/asuswrt-merlin project
canonical/asus asuswrt-merlin
version/asus asuswrt-merlin/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac5300 firmware
canonical/asuswrt-merlin project rt-ac1900p
version/asuswrt-merlin project rt-ac1900p/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac1900p firmware
canonical/asuswrt-merlin project rt-ac68u
version/asuswrt-merlin project rt-ac68u/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac68u firmware
canonical/asuswrt-merlin project rt-ac68p firmware
canonical/asuswrt-merlin project rt-ac88u firmware
canonical/asuswrt-merlin
canonical/asuswrt-merlin project rt-ac66u b1 firmware
version/asuswrt-merlin project rt-ac66u b1 firmware/3.0.0.4.380.7743
version/asuswrt-merlin/3.0.0.4.380.7485
canonical/asuswrt-merlin project rt-ac58u firmware
canonical/asuswrt-merlin project rt-ac56u firmware
canonical/asuswrt-merlin project rt-ac55u
version/asuswrt-merlin project rt-ac55u/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt-ac55u firmware
canonical/asuswrt-merlin project rt-ac52u
version/asuswrt-merlin project rt-ac52u/3.0.0.4.380.4180
canonical/asuswrt-merlin project rt-ac51u
version/asuswrt-merlin project rt-ac51u/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt-ac51u firmware
canonical/asuswrt-merlin project rt-n18u
version/asuswrt-merlin project rt-n18u/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-n18u firmware
canonical/asuswrt-merlin project rt-n66u
version/asuswrt-merlin project rt-n66u/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt-n66u firmware
canonical/asuswrt-merlin project rt-n56u
version/asuswrt-merlin project rt-n56u/3.0.0.4.378.7177
canonical/asuswrt-merlin project rt-n56u firmware
canonical/asuswrt-merlin project rt-ac3200
version/asuswrt-merlin project rt-ac3200/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac3200 firmware
canonical/asuswrt-merlin project rt-ac3100
version/asuswrt-merlin project rt-ac3100/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac3100 firmware
canonical/asuswrt-merlin project rt ac1200gu
version/asuswrt-merlin project rt ac1200gu/3.0.0.4.380.5577
canonical/asuswrt-merlin project rt-ac1200gu firmware
canonical/asuswrt-merlin project rt ac1200g
version/asuswrt-merlin project rt ac1200g/3.0.0.4.380.3167
canonical/asuswrt-merlin project rt ac1200g firmware
version/asus asuswrt-merlin/3.0.0.4.380.9880
canonical/asuswrt-merlin project rt-ac1200 firmware
canonical/asuswrt-merlin project rt-ac53 firmware
version/asuswrt-merlin project rt-ac53 firmware/3.0.0.4.380.9883
canonical/asuswrt-merlin project rt-n12hp firmware
version/asuswrt-merlin project rt-n12hp firmware/3.0.0.4.380.2943
version/asuswrt-merlin/3.0.0.4.380.3479
canonical/asuswrt-merlin project rt-n12hp b1 firmware
canonical/asuswrt-merlin project rt-n12d1
version/asuswrt-merlin project rt-n12d1/3.0.0.4.380.7378
canonical/asuswrt-merlin rt-n12d1 firmware
canonical/asuswrt-merlin project rt-n12+ firmware
version/asuswrt-merlin project rt-n12+ firmware/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt n12+ pro firmware
version/asuswrt-merlin project rt n12+ pro firmware/3.0.0.4.380.9880
canonical/asuswrt-merlin project rt-n12+ pro
canonical/asuswrt-merlin project rt-n16
version/asuswrt-merlin project rt-n16/3.0.0.4.380.7378
canonical/asuswrt-merlin rt-n16 firmware
canonical/asuswrt-merlin project rt-n300
version/asuswrt-merlin project rt-n300/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt-n300 firmware