CRITICAL🇵🇱 Wersja polska

CVE-2023-35087

CVSS 9.8v3.1pub. 2023-07-21upd. 2024-11-21

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Asus Rt Ac86u

    HW
    Asus
    wszystkie wersje
  • Asus Rt Ac86u Firmware

    OS
    Asus
    3.0.0.4_386_51529
  • Asus Rt Ax56u V2

    HW
    Asus
    wszystkie wersje
  • Asus Rt Ax56u V2 Firmware

    OS
    Asus
    3.0.0.4.386_50460
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2021-41435CRITICAL9.8ten sam produkt

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-A...

CVE-2018-20334CRITICAL9.8ten sam produkt

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is...

CVE-2018-8826CRITICAL9.8ten sam produkt

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.38...

CVE-2018-9285CRITICAL9.8ten sam produkt

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, ...

CVE-2023-38031HIGH8.8ten sam produkt

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote a...