CVE-2022-38105

CWE-119 — Buffer Overflow5 documents4 sources

Severity

7.5HIGH

EPSS

0.2%

top 53.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Rt-ax82u Asus Rt-ax82u Firmware

Timeline

PublishedJan 10

Description

An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5asus/rt-ax82u3.0.0.4.386_49674-ge182230

▶NVDasus/rt-ax82u_firmware3.0.0.4.386_49674-ge182230

🔴Vulnerability Details

GHSA

GHSA-8h8q-pcwj-rx99: An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3↗2023-01-10

▶

CVEList

CVE-2022-38105: An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3↗2023-01-10

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered↗2023-01-10

▶

Talos

Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered↗2023-01-10

▶