ASUS WiFi Routers Vulnerable to OS Command Injection Attacks
CVE-2024-1655
8.8HIGH
Key Information
- Vendor
- Asus
- Status
- Expertwifi Ebm63
- Expertwifi Ebm68
- Rt-ax57 Go
- Vendor
- CVE Published:
- 15 April 2024
Summary
Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.
Affected Version(s)
ExpertWiFi EBM63 < 3.0.0.6.102_32645
ExpertWiFi EBM68 < 3.0.0.6.102_44384
RT-AX57 Go < 3.0.0.6.102_22188
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database