ASUS WiFi Routers Vulnerable to OS Command Injection Attacks
CVE-2024-1655

8.8HIGH

Key Information:

Vendor: Asus
Status: Expertwifi Ebm63; Expertwifi Ebm68; Rt-ax57 Go
Vendor: CVE Published:; 15 April 2024

What is CVE-2024-1655?

ASUS WiFi routers are susceptible to an OS Command Injection vulnerability that enables an authenticated remote attacker to execute arbitrary system commands. This is achieved by sending specially crafted requests that exploit this security weakness. The vulnerability poses a significant risk to users as it allows for unauthorized access to the system, potentially leading to further exploitation of the devices.

Affected Version(s)

ExpertWiFi EBM63 earlier < 3.0.0.6.102_32645

ExpertWiFi EBM68 earlier < 3.0.0.6.102_44384

RT-AX57 Go earlier < 3.0.0.6.102_22188

References

https://www.twcert.org.tw/tw/cp-132-7737-1acd0-1.html

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Feb 20, 2024

CVE-2024-1655 Data

JSON

Asus

What is CVE-2024-1655?

Affected Version(s)

References

CVSS V3.1

Timeline