CVE-2023-35087

Severity: 9.8 CRITICAL
EPSS: 1.1% (top 22.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 21

Description

A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U. It is caused by missing validation of a specific value when cm_processChangedConfigMsg is called in the ccm_processREQ_CHANGED_CONFIG function of the AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_5

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

Source | Package | Version
CVEListV5 | asus/rt-ac86u | 3.0.0.4_386_51529
CVEListV5 | asus/rt-ax56u_v2 | 3.0.0.4.386_50460
NVD | asus/rt-ac86u_firmware | 3.0.0.4_386_51529
NVD | asus/rt-ax56u_v2_firmware | 3.0.0.4.386_50460

Vulnerability Details (2)

GHSA: GHSA-4qh3-vw22-fpq6: It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U (2023-07-21)
CVEList: ASUS RT-AX56U V2 & RT-AC86U - Format String - 2 (2023-07-21)