Authentication Bypass Vulnerability in Asus RT-AX82U Router
CVE-2022-35401

9CRITICAL

Key Information:

Vendor: Asus
Status: Rt-ax82u
Vendor: CVE Published:; 10 January 2023

Summary

An authentication bypass vulnerability has been identified in the Asus RT-AX82U router, specifically within its get_IFTTTTtoken.cgi functionality. This flaw permits an attacker to execute a series of crafted HTTP requests that could result in full administrative access to the device. Such unauthorized control over the router poses significant risks to network security and data integrity.

Affected Version(s)

RT-AX82U 3.0.0.4.386_49674-ge182230

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 10, 2023
Vulnerability Reserved
Jul 26, 2022