CVE-2023-35087
ASUS RT-AX56U V2 & RT-AC86U - Format String - 2
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-13 CVE Reserved
- 2023-07-21 CVE Published
- 2024-08-22 EPSS Updated
- 2024-10-24 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
- CAPEC-135: Format String Injection
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asus Search vendor "Asus" | Rt-ac86u Firmware Search vendor "Asus" for product "Rt-ac86u Firmware" | 3.0.0.4_386_51529 Search vendor "Asus" for product "Rt-ac86u Firmware" and version "3.0.0.4_386_51529" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac86u Search vendor "Asus" for product "Rt-ac86u" | - | - |
Safe
|
| Asus Search vendor "Asus" | Rt-ax56u V2 Firmware Search vendor "Asus" for product "Rt-ax56u V2 Firmware" | 3.0.0.4.386_50460 Search vendor "Asus" for product "Rt-ax56u V2 Firmware" and version "3.0.0.4.386_50460" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax56u V2 Search vendor "Asus" for product "Rt-ax56u V2" | - | - |
Safe
|