What is the severity of CVE-2017-11420?

CVE-2017-11420 is classified as a high severity vulnerability due to the potential for remote code execution resulting from a stack-based buffer overflow.

How do I fix CVE-2017-11420?

To fix CVE-2017-11420, users should update their ASUS devices running affected firmware versions to the latest available firmware that addresses this vulnerability.

Which ASUS devices are impacted by CVE-2017-11420?

CVE-2017-11420 affects various ASUS devices including RT-AC5300, RT-AC1900P, RT-AC68U, and several others running specific versions of Asuswrt-Merlin firmware.

What symptoms indicate exploitation of CVE-2017-11420?

Symptoms of exploitation of CVE-2017-11420 may include unexpected device behavior, crashes, or unauthorized access to the network.

Is there a workaround for CVE-2017-11420 aside from updating?

While updating is the most effective solution for CVE-2017-11420, users can reduce exposure by disabling remote management features if they are not needed.

Vulnerability/
CVE-2017-11420

critical

CWE

119

18/7/2017

5/8/2024

CVE-2017-11420: Buffer Overflow

First published: Tue Jul 18 2017(Updated: )

Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC5300 firmware
Asuswrt-Merlin project RT-AC1900P	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC1900P firmware
Asuswrt-Merlin project RT-AC68U	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC68U firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC68P firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC88U firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin
Asuswrt-Merlin project RT-AC66U B1 firmware	<=3.0.0.4.380.7743
Asuswrt-Merlin
Asuswrt-Merlin	<=3.0.0.4.380.7485
Asuswrt-Merlin project RT-AC58U firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC56U firmware
Asuswrt-Merlin project RT-AC55U	<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-AC55U firmware
Asuswrt-Merlin project RT-AC52U	<=3.0.0.4.380.4180
Asuswrt-Merlin
Asuswrt-Merlin project RT-AC51U	<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-AC51U firmware
Asuswrt-Merlin project RT-N18U	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-N18U firmware
Asuswrt-Merlin project RT-N66U	<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-N66U firmware
Asuswrt-Merlin project RT-N56U	<=3.0.0.4.378.7177
Asuswrt-Merlin project RT-N56U firmware
Asuswrt-Merlin project RT-AC3200	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC3200 firmware
Asuswrt-Merlin project RT-AC3100	<=3.0.0.4.380.7743
Asuswrt-Merlin project RT-AC3100 firmware
Asuswrt-Merlin project rt AC1200GU	<=3.0.0.4.380.5577
Asuswrt-Merlin project RT-AC1200GU firmware
Asuswrt-Merlin project rt AC1200G	<=3.0.0.4.380.3167
Asuswrt-Merlin project rt AC1200G firmware
ASUS Asuswrt-Merlin	<=3.0.0.4.380.9880
Asuswrt-Merlin project RT-AC1200 firmware
Asuswrt-Merlin project RT-AC53 firmware	<=3.0.0.4.380.9883
Asuswrt-Merlin
Asuswrt-Merlin project RT-N12HP firmware	<=3.0.0.4.380.2943
ASUS Asuswrt-Merlin
Asuswrt-Merlin	<=3.0.0.4.380.3479
Asuswrt-Merlin project RT-N12HP B1 firmware
Asuswrt-Merlin project RT-N12D1	<=3.0.0.4.380.7378
Asuswrt-Merlin RT-N12D1 firmware
Asuswrt-Merlin project RT-N12+ firmware	<=3.0.0.4.380.7378
Asuswrt-Merlin
Asuswrt-Merlin project rt n12+ PRO firmware	<=3.0.0.4.380.9880
Asuswrt-Merlin project RT-N12+ Pro
Asuswrt-Merlin project RT-N16	<=3.0.0.4.380.7378
Asuswrt-Merlin RT-N16 firmware
Asuswrt-Merlin project RT-N300	<=3.0.0.4.380.7378
Asuswrt-Merlin project RT-N300 firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-11420?
CVE-2017-11420 is classified as a high severity vulnerability due to the potential for remote code execution resulting from a stack-based buffer overflow.
How do I fix CVE-2017-11420?
To fix CVE-2017-11420, users should update their ASUS devices running affected firmware versions to the latest available firmware that addresses this vulnerability.
Which ASUS devices are impacted by CVE-2017-11420?
CVE-2017-11420 affects various ASUS devices including RT-AC5300, RT-AC1900P, RT-AC68U, and several others running specific versions of Asuswrt-Merlin firmware.
What symptoms indicate exploitation of CVE-2017-11420?
Symptoms of exploitation of CVE-2017-11420 may include unexpected device behavior, crashes, or unauthorized access to the network.
Is there a workaround for CVE-2017-11420 aside from updating?
While updating is the most effective solution for CVE-2017-11420, users can reduce exposure by disabling remote management features if they are not needed.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/asuswrt-merlin project
canonical/asus asuswrt-merlin
version/asus asuswrt-merlin/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac5300 firmware
canonical/asuswrt-merlin project rt-ac1900p
version/asuswrt-merlin project rt-ac1900p/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac1900p firmware
canonical/asuswrt-merlin project rt-ac68u
version/asuswrt-merlin project rt-ac68u/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac68u firmware
canonical/asuswrt-merlin project rt-ac68p firmware
canonical/asuswrt-merlin project rt-ac88u firmware
canonical/asuswrt-merlin
canonical/asuswrt-merlin project rt-ac66u b1 firmware
version/asuswrt-merlin project rt-ac66u b1 firmware/3.0.0.4.380.7743
version/asuswrt-merlin/3.0.0.4.380.7485
canonical/asuswrt-merlin project rt-ac58u firmware
canonical/asuswrt-merlin project rt-ac56u firmware
canonical/asuswrt-merlin project rt-ac55u
version/asuswrt-merlin project rt-ac55u/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt-ac55u firmware
canonical/asuswrt-merlin project rt-ac52u
version/asuswrt-merlin project rt-ac52u/3.0.0.4.380.4180
canonical/asuswrt-merlin project rt-ac51u
version/asuswrt-merlin project rt-ac51u/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt-ac51u firmware
canonical/asuswrt-merlin project rt-n18u
version/asuswrt-merlin project rt-n18u/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-n18u firmware
canonical/asuswrt-merlin project rt-n66u
version/asuswrt-merlin project rt-n66u/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt-n66u firmware
canonical/asuswrt-merlin project rt-n56u
version/asuswrt-merlin project rt-n56u/3.0.0.4.378.7177
canonical/asuswrt-merlin project rt-n56u firmware
canonical/asuswrt-merlin project rt-ac3200
version/asuswrt-merlin project rt-ac3200/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac3200 firmware
canonical/asuswrt-merlin project rt-ac3100
version/asuswrt-merlin project rt-ac3100/3.0.0.4.380.7743
canonical/asuswrt-merlin project rt-ac3100 firmware
canonical/asuswrt-merlin project rt ac1200gu
version/asuswrt-merlin project rt ac1200gu/3.0.0.4.380.5577
canonical/asuswrt-merlin project rt-ac1200gu firmware
canonical/asuswrt-merlin project rt ac1200g
version/asuswrt-merlin project rt ac1200g/3.0.0.4.380.3167
canonical/asuswrt-merlin project rt ac1200g firmware
version/asus asuswrt-merlin/3.0.0.4.380.9880
canonical/asuswrt-merlin project rt-ac1200 firmware
canonical/asuswrt-merlin project rt-ac53 firmware
version/asuswrt-merlin project rt-ac53 firmware/3.0.0.4.380.9883
canonical/asuswrt-merlin project rt-n12hp firmware
version/asuswrt-merlin project rt-n12hp firmware/3.0.0.4.380.2943
version/asuswrt-merlin/3.0.0.4.380.3479
canonical/asuswrt-merlin project rt-n12hp b1 firmware
canonical/asuswrt-merlin project rt-n12d1
version/asuswrt-merlin project rt-n12d1/3.0.0.4.380.7378
canonical/asuswrt-merlin rt-n12d1 firmware
canonical/asuswrt-merlin project rt-n12+ firmware
version/asuswrt-merlin project rt-n12+ firmware/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt n12+ pro firmware
version/asuswrt-merlin project rt n12+ pro firmware/3.0.0.4.380.9880
canonical/asuswrt-merlin project rt-n12+ pro
canonical/asuswrt-merlin project rt-n16
version/asuswrt-merlin project rt-n16/3.0.0.4.380.7378
canonical/asuswrt-merlin rt-n16 firmware
canonical/asuswrt-merlin project rt-n300
version/asuswrt-merlin project rt-n300/3.0.0.4.380.7378
canonical/asuswrt-merlin project rt-n300 firmware