CVE-2023-39239

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:asus:rt-ax56u_v2_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:14

Type Values Removed Values Added
References () https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html - Broken Link () https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html - Broken Link

27 Mar 2024, 08:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 7.2
Summary (en) It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. (en) It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

12 Sep 2023, 20:47

Type Values Removed Values Added
References (MISC) https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html - (MISC) https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html - Broken Link
First Time Asus rt-ax55
Asus rt-ax56u V2
Asus rt-ax55 Firmware
Asus rt-ac86u
Asus
Asus rt-ax56u V2 Firmware
Asus rt-ac86u Firmware
CPE cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*
cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*
cpe:2.3:o:asus:rt-ax56u_v2_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*

07 Sep 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-07 08:15

Updated : 2024-11-21 08:14


NVD link : CVE-2023-39239

Mitre link : CVE-2023-39239

CVE.ORG link : CVE-2023-39239


JSON object : View

Products Affected

asus

  • rt-ax55_firmware
  • rt-ax56u_v2
  • rt-ac86u
  • rt-ax56u_v2_firmware
  • rt-ax55
  • rt-ac86u_firmware
CWE
CWE-134

Use of Externally-Controlled Format String