CVE-2022-23972

CWE-89 (SQL Injection)
3 documents, 3 sources
Severity
8.8 HIGH
EPSS
0.1%
top 80.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 7
Latest update: Apr 8

Description

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete the database.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: asus/rt-ax56u 3.0.0.4.386.45898
NVD: asus/rt-ax56u_firmware 3.0.0.4.386.45898

Vulnerability Details (2)

GHSA
GHSA-vxv9-8j84-cmpr: ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation (2022-04-08)
CVEList
ASUS RT-AX56U - SQL Injection (2022-04-07)