9.8
CVE-2022-26376
- EPSS 0.65%
- Published 05.08.2022 22:15:11
- Last modified 21.11.2024 06:53:52
- Source talos-cna@cisco.com
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Asuswrt-merlin ≫ New Gen Version < 386.7
Asus ≫ Xt8 Firmware Version < 3.0.0.4.386_48706
Asus ≫ Tuf-ax3000 V2 Firmware Version < 3.0.0.4.386_48750
Asus ≫ Xd4 Firmware Version < 3.0.0.4.386_48790
Asus ≫ Et12 Firmware Version < 3.0.0.4.386_48823
Asus ≫ Gt-ax6000 Firmware Version < 3.0.0.4.386_48823
Asus ≫ Xt12 Firmware Version < 3.0.0.4.386_48823
Asus ≫ Rt-ax58u Firmware Version < 3.0.0.4.386_48908
Asus ≫ Xt9 Firmware Version < 3.0.0.4.388_20027
Asus ≫ Xd6 Firmware Version < 3.0.0.4.386_49356
Asus ≫ Gt-ax11000 Pro Firmware Version < 3.0.0.4.386_48996
Asus ≫ Gt-axe16000 Firmware Version < 3.0.0.4.386_48786
Asus ≫ Rt-ax86u Firmware Version < 3.0.0.4.386_49447
Asus ≫ Rt-ax68u Firmware Version < 3.0.0.4.386_49479
Asus ≫ Rt-ax82u Firmware Version < 3.0.0.4.386_49380
Asus ≫ Rt-ax56u Firmware Version < 3.0.0.4.386_49559
Asus ≫ Rt-ax55 Firmware Version < 3.0.0.4.386_49559
Asus ≫ Gt-ax11000 Firmware Version < 3.0.0.4.386_49559
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.65% | 0.699 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
talos-cna@cisco.com | 5.3 | 3.9 | 1.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.