Format String Vulnerability Affects ASUS RT-AX56U V2, Allows Remote Code Execution
CVE-2023-39238
7.2HIGH
Summary
It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
Affected Version(s)
RT-AX55 = 3.0.0.4.386_50460
RT-AX56U_V2 = 3.0.0.4.386_50460
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: 9.8 to: 7.2 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database