Security Advisory

CVE-2018-5721

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-01-17 06:00:00

Last updated 2024-08-05 05:40:51

Assigner mitre

State PUBLISHED

Description

Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.

← Browse all CVEs View on cve.org ↗