CVE-2023-39240 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 3
https://notcve.org/view.php?id=CVE-2023-39240
It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se identificó una vulnerabilidad de cadena de formato en la API de función de cliente iperf de ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de validación para un valor específico dentro de su módulo set_iperf3_cli.cgi. • https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html • CWE-134: Use of Externally-Controlled Format String •
CVE-2023-39239 – ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2
https://notcve.org/view.php?id=CVE-2023-39239
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se identificó una vulnerabilidad de cadena de formato en la API de función general de ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de validación de un valor específico dentro de su módulo apply.cgi. • https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html • CWE-134: Use of Externally-Controlled Format String •
CVE-2023-39238 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 1
https://notcve.org/view.php?id=CVE-2023-39238
It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se ha identificado una vulnerabilidad de cadena de formato en ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de validación de un valor específico dentro de su módulo set_iperf3_svr.cgi. • https://www.twcert.org.tw/tw/cp-132-7354-4e654-1.html • CWE-134: Use of Externally-Controlled Format String •
CVE-2023-39237 – ASUS RT-AC86U - Command injection vulnerability - 5
https://notcve.org/view.php?id=CVE-2023-39237
ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. La función de análisis Apps en el Analizador de Tráfico ASUS RT-AC86U tiene un filtrado insuficiente de caracteres especiales. Un atacante remoto con privilegios de usuario normal puede aprovechar esta vulnerabilidad para realizar un ataque de inyección de comandos para ejecutar comandos arbitrarios, interrumpir el sistema o terminar servicios. • https://www.twcert.org.tw/tw/cp-132-7352-bad68-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-39236 – ASUS RT-AC86U - Command injection vulnerability - 4
https://notcve.org/view.php?id=CVE-2023-39236
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. La función de análisis Statistics en el Analizador de Tráfico ASUS RT-AC86U tiene un filtrado insuficiente de caracteres especiales. Un atacante remoto con privilegios de usuario normal puede aprovechar esta vulnerabilidad para realizar un ataque de inyección de comandos para ejecutar comandos arbitrarios, interrumpir el sistema o terminar servicios. • https://www.twcert.org.tw/tw/cp-132-7351-ec8fe-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •