CVE-2013-6343

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.

Published: Jan 22, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6343
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
asus / tm-ac1900_firmware	3.0.0.4..374_979	3.0.0.4..374_979.x
asus / rt-n56u_firmware	3.0.0.4..374_979	3.0.0.4..374_979.x
asus / rt-ac66u_firmware	3.0.0.4..374_979	3.0.0.4..374_979.x

http://infosec42.blogspot.com/2014/01/exploit-asus-rt-n56u-remote-root-shell.html
http://osvdb.org/102267
http://www.exploit-db.com/exploits/31033
http://www.securityfocus.com/bid/65046
https://support.t-mobile.com/docs/DOC-21994

Vulnerability Database

290,206

CVE-2013-6343