Buffer Overflow Vulnerability in ASUS RT-AC3200 Router
CVE-2018-14712

6.5MEDIUM

Key Information:

Vendor: Asus
Status: Rt-ac3200 Firmware
Vendor: CVE Published:; 13 May 2019

What is CVE-2018-14712?

A vulnerability resides within the appGet.cgi component of the ASUS RT-AC3200 router, specifically affecting version 3.0.0.4.382.50010. This issue occurs due to a buffer overflow in the processing of the 'hook' URL parameter, enabling potential attackers to execute arbitrary system commands remotely. The exploitation of this vulnerability can lead to unauthorized access and control over the router, posing significant risks to network integrity and confidentiality.

References

https://blog.securityevaluators.com/asus-routers-overflow...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2019
Vulnerability Reserved
Jul 28, 2018

Asus

What is CVE-2018-14712?

References

CVSS V3.1

Timeline