CVE-2022-38393

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.5HIGH

EPSS

1.7%

top 17.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Rt-ax82u Asus Rt-ax82u Firmware

Timeline

PublishedJan 10

Description

A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5asus/rt-ax82u3.0.0.4.386_49674-ge182230

▶NVDasus/rt-ax82u_firmware3.0.0.4.386_49674-ge182230

🔴Vulnerability Details

GHSA

GHSA-hv5w-v9vx-jh7r: A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3↗2023-01-10

▶

CVEList

CVE-2022-38393: A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3↗2023-01-10

▶