ASUS WiFi Routers Vulnerable to OS Command Injection Attacks

CVE-2024-1655

8.8HIGH

Key Information

Vendor
Asus
Status
Expertwifi Ebm63
Expertwifi Ebm68
Rt-ax57 Go
Vendor
CVE Published:
15 April 2024

Summary

Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.

Affected Version(s)

ExpertWiFi EBM63 < 3.0.0.6.102_32645

ExpertWiFi EBM68 < 3.0.0.6.102_44384

RT-AX57 Go < 3.0.0.6.102_22188

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.