// For flags

CVE-2020-36109

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.

El firmware del enrutador ASUS RT-AX86U versiones por debajo de 9.0.0.4_386, presenta un desbordamiento del búfer en la función block_request.cgi del módulo httpd que puede causar una ejecución de código cuando un atacante construye datos maliciosos

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-04 CVE Reserved
  • 2021-02-01 CVE Published
  • 2022-04-20 First Exploit
  • 2024-06-06 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Asus
Search vendor "Asus"
 Rt-ax86u Firmware
Search vendor "Asus" for product "Rt-ax86u Firmware"
 < 9.0.0.4_386
Search vendor "Asus" for product "Rt-ax86u Firmware" and version " < 9.0.0.4_386"
-
Affected
in Asus
Search vendor "Asus"
 Rt-ax86u
Search vendor "Asus" for product "Rt-ax86u"
--
Safe