CVE-2022-35401

CWE-324 CWE-287 — Improper Authentication5 documents4 sources

Severity

8.1HIGH

EPSS

0.1%

top 79.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Rt-ax82u Asus Rt-ax82u Firmware

Timeline

PublishedJan 10

Description

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5asus/rt-ax82u3.0.0.4.386_49674-ge182230

▶NVDasus/rt-ax82u_firmware3.0.0.4.386_49674-ge182230

🔴Vulnerability Details

CVEList

CVE-2022-35401: An authentication bypass vulnerability exists in the get_IFTTTTtoken↗2023-01-10

▶

GHSA

GHSA-rj78-2fm5-wrfp: An authentication bypass vulnerability exists in the get_IFTTTTtoken↗2023-01-10

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered↗2023-01-10

▶

Talos

Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered↗2023-01-10

▶