CVE-2023-35087

EPSS 1.06%
Veröffentlicht 21.07.2023 08:15:09
Zuletzt bearbeitet 21.11.2024 08:07:57
Quelle twcert@cert.org.tw
Teams Watchlist Login
Unerledigt Login

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asus ≫ Rt-ac86u Firmware Version3.0.0.4_386_51529

Asus ≫ Rt-ac86u Version-

Asus ≫ Rt-ax56u V2 Firmware Version3.0.0.4.386_50460

Asus ≫ Rt-ax56u V2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.06%	0.764

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-35087

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-35087

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-35087

EUVD