CVE-2018-20336

Vulnerability

ASUSWRT version 3.0.0.4.384.20308, as distributed on the RT-AC1200G Plus router, contains a stack-based buffer overflow in the parse_req_queries function inside the wanduck.c source file. The vulnerable code path is reachable via a crafted, long string sent over UDP to the device. No authentication or prior session is required to trigger the overflow [1].

Exploitation

An unauthenticated attacker on the local network can send a specially crafted UDP packet containing an overly long string to the target router. The parse_req_queries function does not properly validate the length of the incoming string before copying it into a fixed-size stack buffer, causing a buffer overflow. No user interaction on the router is required; the overflow occurs during normal packet processing [1].

Impact

Successful exploitation leads to a stack-based buffer overflow, which could corrupt adjacent stack memory. The described risk is an information leak (confidentiality impact), though the overflow may also cause a denial of service or potentially allow code execution depending on the layout of the stack-allocated variables. The attacker does not gain authenticated access, but may retrieve sensitive data from the router's memory [1].

Mitigation

ASUS has not released a patch for this specific version within the available references [1]. Users should check the ASUS support page for firmware updates beyond 3.0.0.4.384.20308. As a workaround, limiting UDP access to the router's management interface via firewall rules may reduce exposure. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication [1].