CVE-2018-20336

EUVD-2018-12894
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
asusasuswrt-merlin
3.0.0.4.384.20308
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://starlabs.sg/advisories/18-20336/
https://www.asus.com/Networking/RT-AC1200G-plus/HelpDesk_BIOS/
https://starlabs.sg/advisories/18-20336/
https://www.asus.com/Networking/RT-AC1200G-plus/HelpDesk_BIOS/