ASUS RT-AX55 - command injection - 1

CVE-2023-41345

8.8HIGH

Key Information

Vendor
Asus
Status
Rt-ax55
Vendor
CVE Published:
3 November 2023

Summary

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.

Affected Version(s)

RT-AX55 = 3.0.0.4.386.51598

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.