CVE-2017-15655

CWE-119Buffer Overflow3 documents3 sources
Severity
9.6CRITICAL
EPSS
1.4%
top 19.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Asuswrt
Timeline
PublishedJan 31
Latest updateMay 14

Description

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages1 packages

NVDasus/asuswrt< 3.0.0.4.378

🔴Vulnerability Details

2
GHSA
GHSA-w6cp-hqm8-4phj: Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=32022-05-14
CVEList
CVE-2017-15655: Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=32018-01-31
CVE-2017-15655 (CRITICAL CVSS 9.6) | Multiple buffer overflow vulnerabil | cvebase.io