CVE-2022-23972

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.45898:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html - Third Party Advisory

Information

Published : 2022-04-07 19:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-23972

Mitre link : CVE-2022-23972

CVE.ORG link : CVE-2022-23972


JSON object : View

Products Affected

asus

  • rt-ax56u_firmware
  • rt-ax56u
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')