CVE-2017-12754: Buffer Overflow
First published: Wed Aug 09 2017(Updated: )
Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asuswrt-Merlin | <=380.67 | |
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| ASUS Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin project RT-AC55U | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| ASUS Asuswrt-Merlin | ||
| ASUS RT-AC66U B1 | ||
| Asuswrt-Merlin | ||
| ASUS RT-AC68U | ||
| Asuswrt-Merlin project RT-AC88U | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin project RT-N12HP B1 firmware | ||
| Asuswrt-Merlin project RT-N12HP B1 firmware | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin project RT-N18U | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin project RT-N66U firmware | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin | ||
| Asuswrt-Merlin RT-N12+ Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12754?
CVE-2017-12754 is classified as a high severity vulnerability due to the potential for remote code execution through a stack buffer overflow.
How do I fix CVE-2017-12754?
To fix CVE-2017-12754, upgrade your Asuswrt-Merlin firmware to version 380.68 or later.
Which devices are affected by CVE-2017-12754?
CVE-2017-12754 affects several ASUS devices running Asuswrt-Merlin firmware version 380.67 or earlier.
What is a stack buffer overflow in the context of CVE-2017-12754?
A stack buffer overflow in CVE-2017-12754 allows an attacker to exploit the httpd component to execute arbitrary code or crash the device.
Can exploiting CVE-2017-12754 lead to data loss?
Exploiting CVE-2017-12754 may potentially lead to data loss or leakage if an attacker successfully executes malicious code on the affected device.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/asuswrt-merlin
- canonical/asuswrt-merlin
- version/asuswrt-merlin/380.67
- canonical/asus asuswrt-merlin
- canonical/asuswrt-merlin project rt-ac55u
- canonical/asus rt-ac66u b1
- canonical/asus rt-ac68u
- canonical/asuswrt-merlin project rt-ac88u
- canonical/asuswrt-merlin project rt-n12hp b1 firmware
- canonical/asuswrt-merlin project rt-n18u
- canonical/asuswrt-merlin project rt-n66u firmware
- canonical/asuswrt-merlin rt-n12+ pro