CVE-2021-44158

EPSS 0.16%
Veröffentlicht 03.01.2022 10:15:08
Zuletzt bearbeitet 21.11.2024 06:30:27
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asus ≫ Rt-ax56u Firmware Version3.0.0.4.386.44266

Asus ≫ Rt-ax56u Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.368

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.7	5.1	10	AV:A/AC:L/Au:S/C:C/I:C/A:C
twcert@cert.org.tw	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://www.twcert.org.tw/tw/cp-132-5431-d23be-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-44158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44158

EUVD