Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6343

CWE-119 — Buffer Overflow4 documents4 sources

Severity

10.0CRITICAL

EPSS

35.0%

top 2.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Asus Rt-ac66u Firmware Asus Rt-n56u Firmware Asus Tm-ac1900 Firmware

Timeline

PublishedJan 22

Latest updateMay 17

Description

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDasus/rt-n56u_firmware3.0.0.4..374_979

▶NVDasus/rt-ac66u_firmware3.0.0.4..374_979

▶NVDasus/tm-ac1900_firmware3.0.0.4..374_979

🔴Vulnerability Details

GHSA

GHSA-3hpf-fhp5-r44c: Multiple buffer overflows in web↗2022-05-17

▶

CVEList

CVE-2013-6343: Multiple buffer overflows in web↗2014-01-22

▶

💥Exploits & PoCs

Exploit-DB

ASUS RT-N56U - Remote Buffer Overflow (ROP)↗2014-01-19

▶