Buffer overflow in Asus Rt-ac66u

CVE-2013-6343

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.

Vulnerability class: Buffer Overflow

EPSS: 0.350 (97.1th percentile) — read the EPSS interpretation.

Affected products

Asus Rt-ac66u
Asus Rt-ac66u_firmware — versions 3.0.0.4..374_979
Asus Rt-n56u
Asus Rt-n56u_firmware — versions 3.0.0.4..374_979
Asus Tm-ac1900
Asus Tm-ac1900_firmware — versions 3.0.0.4..374_979
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (Exploit, x_refsource_MISC)
102267 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM)
31033 (Exploit, exploit, x_refsource_EXPLOIT-DB)
65046 (vdb-entry, x_refsource_BID)