CVE-2023-41349

CWE-134 — Uncontrolled Format String3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 45.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Rt-ax88u Asus Rt-ax88u Firmware

Timeline

PublishedSep 18

Description

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5asus/rt-ax88u — 3.0.0.4_388_23748

▶NVDasus/rt-ax88u_firmware< 3.0.0.4.388.23748

🔴Vulnerability Details

CVEList

ASUS RT-AX88U - externally-controlled format string↗2023-09-18

▶

GHSA

GHSA-xqpv-jvpq-xjvc: ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function↗2023-09-18

▶