var-201801-0537
Vulnerability from variot
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. Asus asuswrt Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. An attacker could exploit the vulnerability to remotely execute code with administrator privileges. HTTPd server is one of the HTTP servers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0537",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asuswrt",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.378"
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.8,
"vendor": "asustek computer",
"version": "3.0.0.4.376.x"
},
{
"model": "asuswrt",
"scope": "lte",
"trust": 0.6,
"vendor": "asus",
"version": "\u003c=3.0.0.4.376.x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:asuswrt",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blazej Adamczyk",
"sources": [
{
"db": "PACKETSTORM",
"id": "145921"
}
],
"trust": 0.1
},
"cve": "CVE-2017-15655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-15655",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-02920",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-106499",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-15655",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-15655",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-15655",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-02920",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-1109",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-106499",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version \u003c=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. Asus asuswrt Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. An attacker could exploit the vulnerability to remotely execute code with administrator privileges. HTTPd server is one of the HTTP servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15655"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15655",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "145921",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-02920",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-106499",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"id": "VAR-201801-0537",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
}
],
"trust": 1.3166666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
}
]
},
"last_update_date": "2024-11-23T22:30:32.228000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT",
"trust": 0.8,
"url": "https://www.asus.com/ASUSWRT/"
},
{
"title": "Patch for Asusasuswrt Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/115867"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2018/jan/63"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/145921/asuswrt-3.0.0.4.382.18495-session-hijacking-information-disclosure.html"
},
{
"trust": 1.7,
"url": "http://sploit.tech/2018/01/16/asus-part-i.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15655"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15655"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15653"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"db": "VULHUB",
"id": "VHN-106499"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"db": "PACKETSTORM",
"id": "145921"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
},
{
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"date": "2018-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-106499"
},
{
"date": "2018-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"date": "2018-01-16T04:44:44",
"db": "PACKETSTORM",
"id": "145921"
},
{
"date": "2017-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1109"
},
{
"date": "2018-01-31T20:29:00.350000",
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02920"
},
{
"date": "2018-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-106499"
},
{
"date": "2018-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012291"
},
{
"date": "2018-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-1109"
},
{
"date": "2024-11-21T03:14:58.203000",
"db": "NVD",
"id": "CVE-2017-15655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asus asuswrt Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012291"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-1109"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.