Stack-Based Buffer Overflow in ASUS GT-AC5300 Router
CVE-2018-17022

7.2HIGH

Key Information:

Vendor: Asus
Status: Gt-ac5300 Firmware
Vendor: CVE Published:; 13 September 2018

What is CVE-2018-17022?

The ASUS GT-AC5300 router is susceptible to a stack-based buffer overflow due to an inadequate handling of input in its web interface. Specifically, a long input value for 'sh_path0' in requests to appGet.cgi can lead to device crashes or potentially allow attackers to exploit the device in unspecified ways. This vulnerability arises from the use of the 'strcpy' function in the router's web server code, which does not properly validate input sizes, allowing remote attackers to manipulate the device's operation.

References

https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/b...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 13, 2018

Asus

What is CVE-2018-17022?

References

CVSS V3.1

Timeline