ASUS RT-AC86U - Heap-based buffer overflow
Description
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap-based buffer overflow in ASUS RT-AC86U configuration function allows unauthenticated LAN attacker to execute arbitrary code or disrupt service.
Vulnerability
The configuration function of ASUS RT-AC86U firmware v3.0.0.4.386.45956 contains a heap-based buffer overflow vulnerability due to insufficient validation of the decryption parameter length [1]. This allows an unauthenticated attacker on the same LAN to trigger the overflow by sending a crafted request with an overly long decryption parameter [1].
Exploitation
An attacker must be located on the local network (LAN) and does not require any authentication [1]. By sending a specially crafted request to the vulnerable configuration function, the attacker can trigger the heap-based buffer overflow [1]. No user interaction is required.
Impact
Successful exploitation enables an attacker to execute arbitrary code, perform arbitrary operations on the device, or cause a denial of service [1]. The attacker gains full control over the affected router, potentially compromising network traffic and connected devices.
Mitigation
ASUS has released firmware version 3.0.0.4_386_46092 to fix this vulnerability [1]. Users should update their RT-AC86U routers to this patched version. No workaround is provided; updating is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References
[1] www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html (mitre, x_refsource_MISC)