CVE-2024-0401
published 2024-05-20CVE-2024-0401: ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | expertwifi | < 3.0.0.6.102_44544 | 3.0.0.6.102_44544 |
| asus | rt-ac67u | < 3.0.0.4.386_51685 | 3.0.0.4.386_51685 |
| asus | rt-ac68r | < 3.0.0.4.386_51685 | 3.0.0.4.386_51685 |
| asus | rt-ac68u | < 3.0.0.4.386_51685 | 3.0.0.4.386_51685 |
| asus | rt-ac86u | < 3.0.0.4.386_51925 | 3.0.0.4.386_51925 |
| asus | rt-ax3000 | < 3.0.0.4.388_24762 | 3.0.0.4.388_24762 |
| asus | rt-ax55 | < 3.0.0.4.386_52303 | 3.0.0.4.386_52303 |
| asus | rt-ax58u | < 3.0.0.4.388_24762 | 3.0.0.4.388_24762 |
| asus | rt-ax86_series | < 3.0.0.4.388_24243 | 3.0.0.4.388_24243 |
| asus | rt-ax88u | < 3.0.0.4.388_24209 | 3.0.0.4.388_24209 |