CVE-2017-15655

Severity: CRITICAL
Year: 2017
CVSS v3 Score: 9.6 (Critical)
CVSS v2 Score: 9.3 (Critical)

Vulnerability Description

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.

CVSS: 9.6 (Critical)

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

CVSS: 9.6 (Critical)

Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."

CVSS: 9.6 (Critical)

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differe...

CVSS: 9.6 (Critical)

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CVSS: 9.6 (Critical)

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

CVSS: 9.6 (Critical)

A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A re...