Asuswrt Merlin

Source repositories

https://github.com/rmerl/asuswrt-merlinarchived

CVEs (12)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-6548	Asus Rt Ac53 Firmware	Cri	0.71	9.8	0.48	Mar 9, 2017	Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with…
CVE-2017-11420	Asus ASUS firmware	Cri	0.65	9.8	0.18	Jul 18, 2017	Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…
CVE-2017-6549	Asus Rt Ac53 Firmware	Hig	0.62	8.8	0.25	Mar 9, 2017	Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers…
CVE-2017-12754	Asus RT-AC5300	Hig	0.58	8.8	0.12	Aug 9, 2017	Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…
CVE-2017-11345	Asus RT-AC5300	Hig	0.51	7.8	0.01	Jul 17, 2017	Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,…
CVE-2017-11344	Asus RT-AC5300	Hig	0.51	7.8	0.01	Jul 17, 2017	Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,…
CVE-2018-8879	Asus ASUS firmware		0.03	—	0.32	Nov 21, 2019	Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request.…
CVE-2018-18319	Rmerl Asuswrt Merlin		0.01	—	0.13	Oct 15, 2018	An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that…
CVE-2022-26376	Asus Asuswrt		0.00	—	0.01	Aug 5, 2022	A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this…
CVE-2018-8878	Rmerl Asuswrt Merlin		0.00	—	0.00	Feb 27, 2020	Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on…
CVE-2018-8877	Rmerl Asuswrt Merlin		0.00	—	0.00	Feb 27, 2020	Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the…
CVE-2018-5721	Rmerl Asuswrt Merlin		0.00	—	0.02	Jan 17, 2018	Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In…

CVE-2017-6548CriMar 9, 2017
Asus
Rt Ac53 Firmware
risk 0.71cvss 9.8epss 0.48
Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with…
CVE-2017-11420CriJul 18, 2017
Asus
ASUS firmware
risk 0.65cvss 9.8epss 0.18
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…
CVE-2017-6549HigMar 9, 2017
Asus
Rt Ac53 Firmware
risk 0.62cvss 8.8epss 0.25
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers…
CVE-2017-12754HigAug 9, 2017
Asus
RT-AC5300
risk 0.58cvss 8.8epss 0.12
Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…
CVE-2017-11345HigJul 17, 2017
Asus
RT-AC5300
risk 0.51cvss 7.8epss 0.01
Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,…
CVE-2017-11344HigJul 17, 2017
Asus
RT-AC5300
risk 0.51cvss 7.8epss 0.01
Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,…
CVE-2018-8879Nov 21, 2019
Asus
ASUS firmware
risk 0.03cvss —epss 0.32
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request.…
CVE-2018-18319Oct 15, 2018
Rmerl
Asuswrt Merlin
risk 0.01cvss —epss 0.13
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that…
CVE-2022-26376Aug 5, 2022
Asus
Asuswrt
risk 0.00cvss —epss 0.01
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this…
CVE-2018-8878Feb 27, 2020
Rmerl
Asuswrt Merlin
risk 0.00cvss —epss 0.00
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on…
CVE-2018-8877Feb 27, 2020
Rmerl
Asuswrt Merlin
risk 0.00cvss —epss 0.00
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the…
CVE-2018-5721Jan 17, 2018
Rmerl
Asuswrt Merlin
risk 0.00cvss —epss 0.02
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In…