ASUSWRT URL Processing Stack Buffer Overflow

This linked blog post (written by me) details the stack buffer overflow bug and how to exploit it to get RCE.

While the check_xss_blacklist function checks the URL against an XSS blacklist (for example, the script tag), a stack buffer overflow is possible by extending the length of the URL when accessing the web interface of the ASUS router. To exploit it, a stack pivoting technique is used before chaining ROP gadgets to call our own custom command. In this post, we show how this can be exploited to get a reverse shell.

This vulnerability exists in routers that are using ASUSWRT 3.0.0.4.384.20308 (2018/02/01), and for our purposes, we used the RT-AC88U.
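
The bug class described above, as an added example (not code from the ASUSWRT firmware or from the linked post): an unbounded copy of the URL into a fixed stack buffer, next to a bounded version that rejects over-long input instead of truncating it. The function names, the 128-byte buffer and the blacklist entries are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed size for illustration; the page does not give the firmware's buffer size. */
#define URL_BUF_LEN 128

/* Vulnerable pattern (hypothetical, not ASUS code): the loop stops only at the
 * input's terminator, so a URL longer than the buffer writes past its end. */
int blacklist_check_unbounded(const char *url)
{
    char lowered[URL_BUF_LEN];
    size_t i = 0;

    while (*url)
        lowered[i++] = (char)tolower((unsigned char)*url++); /* no bound on i */
    lowered[i] = '\0';
    return strstr(lowered, "<script") != NULL;
}

/* Hardened form: the copy is bounded by the buffer size, and input that does
 * not fit is rejected. Truncating instead would let a blacklisted token placed
 * after the cut-off slip past the check. Returns 1 to block, 0 to allow. */
int blacklist_check_bounded(const char *url)
{
    static const char *const blacklist[] = { "<script", "javascript:" }; /* sample entries */
    char lowered[URL_BUF_LEN];
    size_t i;

    if (url == NULL)
        return 1;
    for (i = 0; i < sizeof(lowered) - 1 && url[i] != '\0'; i++)
        lowered[i] = (char)tolower((unsigned char)url[i]);
    if (url[i] != '\0')
        return 1; /* longer than the buffer: reject */
    lowered[i] = '\0';
    for (i = 0; i < sizeof(blacklist) / sizeof(blacklist[0]); i++)
        if (strstr(lowered, blacklist[i]) != NULL)
            return 1;
    return 0;
}
```
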

Click here to get to the blog post.

Written by

cExplr

I was working previously as a Security Researcher at STARLabs Singapore and am currently looking to do Malware Analysis / Threat Hunting as well!