cvedb.io
CVE-2017-15655
CRITICAL · CVSS 9.6
EPSS exploitation probability: 0%
Published 2018-01-31T20:29:00.350 · Last modified 2026-06-17T01:08:03.997

Summary

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.

Affected products

asus — asuswrt

Does this affect you?

Add your gear to cvedb and we'll alert you only when asus ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.