CVE-2023-39239
ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
Se identificó una vulnerabilidad de cadena de formato en la API de función general de ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de validación de un valor específico dentro de su módulo apply.cgi. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad sin privilegios para realizar la ejecución remota de código arbitrario, el funcionamiento arbitrario del sistema o interrumpir el servicio.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-07-26 CVE Reserved
- 2023-09-07 CVE Published
- 2024-09-13 EPSS Updated
- 2024-09-26 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
- CAPEC-135: Format String Injection
References (1)
URL | Tag | Source |
---|---|---|
https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html | Broken Link |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Asus Search vendor "Asus" | Rt-ax55 Firmware Search vendor "Asus" for product "Rt-ax55 Firmware" | 3.0.0.4.386_50460 Search vendor "Asus" for product "Rt-ax55 Firmware" and version "3.0.0.4.386_50460" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax55 Search vendor "Asus" for product "Rt-ax55" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ax56u V2 Firmware Search vendor "Asus" for product "Rt-ax56u V2 Firmware" | 3.0.0.4.386_50460 Search vendor "Asus" for product "Rt-ax56u V2 Firmware" and version "3.0.0.4.386_50460" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ax56u V2 Search vendor "Asus" for product "Rt-ax56u V2" | - | - |
Safe
|
Asus Search vendor "Asus" | Rt-ac86u Firmware Search vendor "Asus" for product "Rt-ac86u Firmware" | 3.0.0.4_386_51529 Search vendor "Asus" for product "Rt-ac86u Firmware" and version "3.0.0.4_386_51529" | - |
Affected
| in | Asus Search vendor "Asus" | Rt-ac86u Search vendor "Asus" for product "Rt-ac86u" | - | - |
Safe
|