Authenticated Command Injection Vulnerability in ASUS RT-AX55 Router
CVE-2023-39780

8.8HIGH

Key Information:

Vendor
Asus
Status
Rt-ax55 Firmware
Vendor
CVE Published:
11 September 2023

Summary

The ASUS RT-AX55 router has a vulnerability that allows an authenticated attacker to execute arbitrary commands on the device due to improper validation of input. This command injection flaw can enable unauthorized changes to device settings or the execution of potentially harmful operations, posing significant risks to the integrity and security of the network. Mitigation steps should be taken promptly to safeguard against exploit attempts.

References

https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-3978...
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-3978...
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-3978...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.