Format String Vulnerability in ASUS RT-AC3200 Router
CVE-2018-14713

8.1HIGH

Key Information:

Vendor: Asus
Status: Rt-ac3200 Firmware
Vendor: CVE Published:; 13 May 2019

Summary

A format string vulnerability exists in the appGet.cgi file of the ASUS RT-AC3200 router, specifically affecting version 3.0.0.4.382.50010. This issue allows remote attackers to exploit the 'hook' URL parameter, leading to the potential reading of arbitrary memory sections and leaking critical CPU register information. Attackers can leverage this vulnerability to gain sensitive information, which could facilitate further attacks on the device or network.

References

https://blog.securityevaluators.com/asus-routers-overflow...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 13, 2019
Vulnerability Reserved
Jul 28, 2018