What is the severity of CVE-2017-12754?

CVE-2017-12754 is classified as a high severity vulnerability due to the potential for remote code execution through a stack buffer overflow.

How do I fix CVE-2017-12754?

To fix CVE-2017-12754, upgrade your Asuswrt-Merlin firmware to version 380.68 or later.

Which devices are affected by CVE-2017-12754?

CVE-2017-12754 affects several ASUS devices running Asuswrt-Merlin firmware version 380.67 or earlier.

What is a stack buffer overflow in the context of CVE-2017-12754?

A stack buffer overflow in CVE-2017-12754 allows an attacker to exploit the httpd component to execute arbitrary code or crash the device.

Can exploiting CVE-2017-12754 lead to data loss?

Exploiting CVE-2017-12754 may potentially lead to data loss or leakage if an attacker successfully executes malicious code on the affected device.

Vulnerability/
CVE-2017-12754

high

8.8

CWE

119

9/8/2017

5/8/2024

CVE-2017-12754: Buffer Overflow

First published: Wed Aug 09 2017(Updated: )

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Asuswrt-Merlin	<=380.67
Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin
ASUS Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin project RT-AC55U
Asuswrt-Merlin
Asuswrt-Merlin
ASUS Asuswrt-Merlin
Asuswrt-Merlin project RT-AC66U B1
Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin project RT-AC88U
Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin RT-N12HP B1
Asuswrt-Merlin RT-N12HP
Asuswrt-Merlin
Asuswrt-Merlin project RT-N18U
Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin project RT-N66U firmware
Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin
Asuswrt-Merlin RT-N12+ Pro

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-12754?
CVE-2017-12754 is classified as a high severity vulnerability due to the potential for remote code execution through a stack buffer overflow.
How do I fix CVE-2017-12754?
To fix CVE-2017-12754, upgrade your Asuswrt-Merlin firmware to version 380.68 or later.
Which devices are affected by CVE-2017-12754?
CVE-2017-12754 affects several ASUS devices running Asuswrt-Merlin firmware version 380.67 or earlier.
What is a stack buffer overflow in the context of CVE-2017-12754?
A stack buffer overflow in CVE-2017-12754 allows an attacker to exploit the httpd component to execute arbitrary code or crash the device.
Can exploiting CVE-2017-12754 lead to data loss?
Exploiting CVE-2017-12754 may potentially lead to data loss or leakage if an attacker successfully executes malicious code on the affected device.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/first-publish-date
agent/description
agent/event
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/asuswrt-merlin
canonical/asuswrt-merlin
version/asuswrt-merlin/380.67
canonical/asus asuswrt-merlin
canonical/asuswrt-merlin project rt-ac55u
canonical/asuswrt-merlin project rt-ac66u b1
canonical/asuswrt-merlin project rt-ac88u
canonical/asuswrt-merlin rt-n12hp b1
canonical/asuswrt-merlin rt-n12hp
canonical/asuswrt-merlin project rt-n18u
canonical/asuswrt-merlin project rt-n66u firmware
canonical/asuswrt-merlin rt-n12+ pro

Frequently Asked Questions

What is the severity of CVE-2017-12754?
CVE-2017-12754 is classified as a high severity vulnerability due to the potential for remote code execution through a stack buffer overflow.
How do I fix CVE-2017-12754?
To fix CVE-2017-12754, upgrade your Asuswrt-Merlin firmware to version 380.68 or later.
Which devices are affected by CVE-2017-12754?
CVE-2017-12754 affects several ASUS devices running Asuswrt-Merlin firmware version 380.67 or earlier.
What is a stack buffer overflow in the context of CVE-2017-12754?
A stack buffer overflow in CVE-2017-12754 allows an attacker to exploit the httpd component to execute arbitrary code or crash the device.
Can exploiting CVE-2017-12754 lead to data loss?
Exploiting CVE-2017-12754 may potentially lead to data loss or leakage if an attacker successfully executes malicious code on the affected device.

CVE-2017-12754: Buffer Overflow

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-12754?

How do I fix CVE-2017-12754?

Which devices are affected by CVE-2017-12754?

What is a stack buffer overflow in the context of CVE-2017-12754?

Can exploiting CVE-2017-12754 lead to data loss?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-12754?

How do I fix CVE-2017-12754?

Which devices are affected by CVE-2017-12754?

What is a stack buffer overflow in the context of CVE-2017-12754?

Can exploiting CVE-2017-12754 lead to data loss?