Asus Rt-Ax56U V2 vulnerabilities

6 known vulnerabilities affecting asus/rt-ax56u_v2.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-11985MEDIUMCVSS 4.4vbefore 3.0.0.4.386_523322024-12-04
CVE-2024-11985 [MEDIUM] CWE-20 CVE-2024-11985: An improper input validation vulnerability leads to device crashes in certain ASUS router models. R An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information.
cvelistv5nvd
CVE-2023-39238HIGHCVSS 7.2v3.0.0.4.386_504602023-09-07
CVE-2023-39238 [HIGH] CWE-134 CVE-2023-39238: It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
cvelistv5nvd
CVE-2023-39240HIGHCVSS 7.2v3.0.0.4.386_504602023-09-07
CVE-2023-39240 [HIGH] CWE-134 CVE-2023-39240: It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. Thi It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operatio
cvelistv5nvd
CVE-2023-39239HIGHCVSS 7.2v3.0.0.4.386_504602023-09-07
CVE-2023-39239 [HIGH] CWE-134 CVE-2023-39239: It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vul It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt s
cvelistv5nvd
CVE-2023-35087CRITICALCVSS 9.8v3.0.0.4.386_504602023-07-21
CVE-2023-35087 [CRITICAL] CWE-134 CVE-2023-35087: It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability i It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform rem
cvelistv5nvd
CVE-2023-35086HIGHCVSS 7.2v3.0.0.4.386_504602023-07-21
CVE-2023-35086 [HIGH] CWE-134 CVE-2023-35086: It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability i It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code ex
cvelistv5nvd