It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
References
Link | Resource |
---|---|
https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html | Broken Link |
https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 08:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html - Broken Link |
27 Mar 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
Summary | (en) It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. |
12 Sep 2023, 20:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html - Broken Link | |
First Time |
Asus rt-ax55
Asus rt-ax56u V2 Asus rt-ax55 Firmware Asus rt-ac86u Asus Asus rt-ax56u V2 Firmware Asus rt-ac86u Firmware |
|
CPE | cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:* cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:* cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:* cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:* cpe:2.3:o:asus:rt-ax56u_v2_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:* cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:* |
07 Sep 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-07 08:15
Updated : 2024-11-21 08:14
NVD link : CVE-2023-39239
Mitre link : CVE-2023-39239
CVE.ORG link : CVE-2023-39239
JSON object : View
Products Affected
asus
- rt-ax55_firmware
- rt-ax56u_v2
- rt-ac86u
- rt-ax56u_v2_firmware
- rt-ax55
- rt-ac86u_firmware
CWE
CWE-134
Use of Externally-Controlled Format String