CVE-2013-6343

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
asustm-ac1900_firmware
3.0.0.4..374_979:_979
asusrt-n56u_firmware
3.0.0.4..374_979:_979
asusrt-ac66u_firmware
3.0.0.4..374_979:_979
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html
http://osvdb.org/102267
http://www.exploit-db.com/exploits/31033
http://www.securityfocus.com/bid/65046
https://support.t-mobile.com/docs/DOC-21994
http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html
http://osvdb.org/102267
http://www.exploit-db.com/exploits/31033
http://www.securityfocus.com/bid/65046
https://support.t-mobile.com/docs/DOC-21994