An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.
                
            References
                    | Link | Resource | 
|---|---|
| https://starlabs.sg/advisories/18-20336/ | Exploit Third Party Advisory | 
| https://www.asus.com/Networking/RT-AC1200G-plus/HelpDesk_BIOS/ | |
| https://starlabs.sg/advisories/18-20336/ | Exploit Third Party Advisory | 
| https://www.asus.com/Networking/RT-AC1200G-plus/HelpDesk_BIOS/ | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
History
                    No history.
Information
                Published : 2019-09-17 16:15
Updated : 2024-11-21 04:01
NVD link : CVE-2018-20336
Mitre link : CVE-2018-20336
CVE.ORG link : CVE-2018-20336
JSON object : View
Products Affected
                asus
- asuswrt-merlin
- rt-ac68u
CWE
                
                    
                        
                        CWE-120
                        
            Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
