ASUS WiFi Routers Vulnerable to OS Command Injection Attacks
CVE-2024-1655

8.8 HIGH

Key Information:

Vendor: Asus
CVE Published: 15 April 2024

Summary

ASUS WiFi routers are susceptible to an OS command injection vulnerability that enables an authenticated remote attacker to execute arbitrary system commands by sending specially crafted requests. The vulnerability poses a significant risk to users because it allows unauthorized access to the system, potentially leading to further exploitation of the devices.

Affected Version(s)

ExpertWiFi EBM63: versions earlier than 3.0.0.6.102_32645

ExpertWiFi EBM68: versions earlier than 3.0.0.6.102_44384

RT-AX57 Go: versions earlier than 3.0.0.6.102_22188

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
