Asus Rt-Ax56U vulnerabilities

CVE-2024-11985 [MEDIUM] CWE-20 CVE-2024-11985: An improper input validation vulnerability leads to device crashes in certain ASUS router models. R An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information.

CVE-2022-23973 [HIGH] CWE-787 CVE-2022-23973: ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.

CVE-2022-23972 [HIGH] CWE-89 CVE-2022-23972: ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user in ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.

CVE-2022-23970 [HIGH] CWE-22 CVE-2022-23970: ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filterin ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.

CVE-2022-23971 [HIGH] CWE-22 CVE-2022-23971: ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filterin ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.

CVE-2022-22054 [MEDIUM] CWE-22 CVE-2022-22054: ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filteri ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.

CVE-2021-44158 [HIGH] CWE-121 CVE-2021-44158: ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation f ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.