CVE-2022-23970
published 2022-04-07CVE-2022-23970: ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An…
high8.1CVSS 3.1
AVAACLPRNUINSUCNIHAH
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | rt-ax56u | — | — |
| asus | rt-ax56u_firmware | — | — |