CVE-2022-25596

Severity
8.8 HIGH
EPSS
0.1%
top 72.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 7
Latest update: Apr 8

Description

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: asus/rt-ac86u 3.0.0.4.386.45956
NVD: asus/rt-ac86u_firmware 3.0.0.4.386.45956

Vulnerability Details (2)

GHSA
GHSA-39fr-rq99-f592: ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter leng (2022-04-08)
CVEList
ASUS RT-AC86U - Heap-based buffer overflow (2022-04-07)