ASUS RT-AX56U V2 & RT-AC86U - Format String - 2
CVE-2023-35087

9.8CRITICAL

Key Information:

Vendor: Asus
Status: Rt-ax56u V2; Rt-ac86u
Vendor: CVE Published:; 21 July 2023

Summary

A format string vulnerability has been identified in ASUS RT-AX56U V2 and RT-AC86U routers. This weakness arises from insufficient validation of a specific value when executing the cm_processChangedConfigMsg within the ccm_processREQ_CHANGED_CONFIG function in the AiMesh system. An unauthenticated remote attacker could exploit this vulnerability to perform arbitrary code execution, carry out arbitrary operations on the system, or potentially disrupt the service, making it crucial for users to mitigate the associated risks.

Affected Version(s)

RT-AC86U 3.0.0.4_386_51529

RT-AX56U V2 3.0.0.4.386_50460

References

https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2023
Vulnerability Reserved
Jun 13, 2023