Gt Ac5300 Firmware
CVE-2018-17022
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy.
AnalysisAI
Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy. Affected products include: Asus Gt-Ac5300 Firmware. Version information: through 3.0.0.4.384.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Gt Ac5300 Firmware
View allCross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of se
ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a
Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today