Skip to main content
CVE-2018-5721 HIGH POC This Week

Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Asuswrt Merlin
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-5764 HIGH This Week

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rsync Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
6.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy