ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 06:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html - Third Party Advisory |
Information
Published : 2022-04-07 19:15
Updated : 2024-11-21 06:49
NVD link : CVE-2022-23972
Mitre link : CVE-2022-23972
CVE.ORG link : CVE-2022-23972
JSON object : View
Products Affected
asus
- rt-ax56u_firmware
- rt-ax56u
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')