ASUS RT-AC86U - Command Injection
CVE-2023-28702
8.8 HIGH
Summary
The ASUS RT-AC86U router is susceptible to a command injection vulnerability due to insufficient filtering of special characters in specific web URLs. An attacker with normal user privileges can exploit this flaw to execute arbitrary system commands. Exploitation can severely disrupt system functionality or terminate services, posing significant risks to network integrity and availability.
Affected Version(s)
RT-AC86U 3.0.0.4.386.51255
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tmotfl (Xingyu Xu)