Vulnerability Details CVE-2018-5721
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2018-5721
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.66
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.66_2
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.66_4
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.66_6
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.67
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.68
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.68_2
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.68_4
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.69
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.69_2
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:380.70
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:382.1
-
cpe:2.3:o:asuswrt-merlin:asuswrt-merlin:382.1_2