Stack Overflow in Asus RT-N10LX Router Due to Unchecked URL Parameters
CVE-2023-34940

7.5HIGH

Key Information:

Vendor: Asus
Status: Rt-n10lx Firmware
Vendor: CVE Published:; 12 June 2023

Summary

The Asus RT-N10LX Router v2.0.0.39 has been identified as having a stack overflow vulnerability that can be triggered via the url parameter at /start-apply.html. This issue arises due to the lack of proper input validation, allowing attackers to exploit the vulnerability, potentially leading to unauthorized access or system compromise. It is important to note that this vulnerability affects only those products that are no longer actively supported by the vendor, exposing users to significant security risks.

References

https://github.com/OlivierLaflamme/cve/blob/main/ASUS-N10...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 7, 2023