ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2

CVE-2023-39239
7.2HIGH

Key Information

Vendor
Asus
Status
Rt-ax55
Rt-ax56u V2
Rt-ac86u
Vendor
CVE Published:
7 September 2023

Summary

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

Affected Version(s)

RT-AX55 = 3.0.0.4.386_50460

RT-AX56U_V2 = 3.0.0.4.386_50460

RT-AC86U = 3.0.0.4_386_51529

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Risk change from: 9.8 to: 7.2 - (HIGH)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.