ASUS WL-500W Router Buffer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1022825 |
|
SecurityTracker URL: http://securitytracker.com/id/1022825
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 4 2009
|
Impact:
Execution of arbitrary code via network, Root access via network
|
Exploit Included: Yes
|
Version(s): WL-500W
|
Description:
A vulnerability was reported in the ASUS WL-500W Router. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
An additional remote vulnerability exists. The impact was not specified.
This vulnerability was reported in the VulnDisco version 8.10 release [July 13, 2009].
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
No solution was available at the time of this entry.
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 4 Sep 2009 10:13:27 -0400
Subject: ASUS Router
|
Name: ASUS WL-500W exploit
Status: 0day
Details: Remote buffer overflow exploit for ASUS WL-500W wireless router.
Listener: not necessary, GOFindSockWithShell shellcode is used
Platform: Linux mipsel
Vulndisco: 8.10
Name: ASUS WL-500W exploit (II)
Status: 0day
Details: Remote exploit for ASUS WL-500W wireless router.
Listener: not necessary
Platform: Linux mipsel
Vulndisco: 8.10
|
|
