Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.


Assigner: [email protected]

CWE: CWE-121

  • asus router 1.0


CVSS version: 3.1 Base score: 7.2
Base severity: HIGH Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability score: 1.2 Impact score: 5.9

Can you explain the CVE description?

This CVE description is for a vulnerability identified as CVE-2024-3079. The vulnerability affects certain models of ASUS routers and is related to buffer overflow vulnerabilities. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary commands on the affected device. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.2, which indicates a high severity level. The vulnerability has been classified under CWE-121. The status of this vulnerability is EARLY_WARNING, and it was published on June 14, 2024. The last modified date for this CVE entry is also June 14, 2024. The vendor, product, and version information is not specified in the description. The vulnerability details and additional resources can be found in the provided URLs: 1. 2. The CVSS version used for scoring is 3.1, and the base severity is rated as HIGH. The vector CVSS provides more details on the attack vector, access complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact. The exploitability score for this vulnerability is 1.2, and the impact score is 5.9. The assigner of this CVE is [email protected]. More information about this vulnerability can be found in the provided link: /cve_reports/2024/06/cve-2024-3079.html.

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by being one of the initial steps in a multi-stage attack. An attacker could exploit the buffer overflow vulnerability in certain models of ASUS routers to gain remote administrative privileges on the device. Once they have gained this level of access, they can then proceed to execute arbitrary commands on the device, potentially leading to further compromise of the network or sensitive data theft. This vulnerability could serve as the entry point for a larger attack, allowing the attacker to establish a foothold within the network and carry out more malicious activities.

Generated on: 2024-07-01