CVE-2022-23972

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.45898:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-04-07 19:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-23972

Mitre link : CVE-2022-23972

CVE.ORG link : CVE-2022-23972


JSON object : View

Products Affected

asus

  • rt-ax56u_firmware
  • rt-ax56u
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')