CVE-2023-35720

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 63.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Asus Rt-ax92uAsus Rt-ax92u Firmware
Timeline
PublishedMay 3

Description

ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_webdav.so module. When parsing a request, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerabil

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5asus/rt-ax92u3.0.0.4.386.46061
NVDasus/rt-ax92u_firmware3.0.0.4.386.46061

🔴Vulnerability Details

2
CVEList
ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability2024-05-03
GHSA
GHSA-qm9c-rrj6-5xmx: ASUS RT-AX92U lighttpd mod_webdav2024-05-03
CVE-2023-35720 (MEDIUM CVSS 6.5) | ASUS RT-AX92U lighttpd mod_webdav.s | cvebase.io