CVE-2021-40556
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-09-07 CVE Reserved
- 2022-10-06 CVE Published
- 2024-04-28 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL | Date | SRC |
---|---|---|
https://x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Asus | Rt-ax56u Firmware | 3.0.0.4.386.44266 | - | Affected | in | Asus | Rt-ax56u | - | - | Safe |