7.2
CVE-2024-0401
- EPSS 3.12%
- Veröffentlicht 20.05.2024 17:15:09
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
ASUS OVPN RCE
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerasus
≫
Produkt
rt-ax58u
Default Statusunknown
Version
0
Version <
3.0.0.4.388_24762
Status
affected
Herstellerasus
≫
Produkt
rt-ac67u
Default Statusunknown
Version
0
Version <
3.0.0.4.386_51685
Status
affected
Herstellerasus
≫
Produkt
rt-ac68r
Default Statusunknown
Version
0
Version <
3.0.0.4.386_51685
Status
affected
Herstellerasus
≫
Produkt
expertwifi
Default Statusunknown
Version
0
Version <
3.0.0.6.102_44544
Status
affected
Herstellerasus
≫
Produkt
rt-ax55
Default Statusunknown
Version
0
Version <
3.0.0.4.386_52303
Status
affected
Herstellerasus
≫
Produkt
rt-ac68u
Default Statusunknown
Version
0
Version <
3.0.0.4.386_51685
Status
affected
Herstellerasus
≫
Produkt
rt-ax86_series
Default Statusunknown
Version
0
Version <
3.0.0.4.388_24243
Status
affected
Herstellerasus
≫
Produkt
rt-ac86u
Default Statusunknown
Version
0
Version <
3.0.0.4.386_51925
Status
affected
Herstellerasus
≫
Produkt
rt-ac88u
Default Statusunknown
Version
0
Version <
3.0.0.4.388_24209
Status
affected
Herstellerasus
≫
Produkt
rt-ax3000
Default Statusunknown
Version
0
Version <
3.0.0.4.388_24762
Status
affected
Herstellerasus
≫
Produkt
rt-ac68p
Default Statusunknown
Version
0
Version <
3.0.0.4.386_51685
Status
affected
Herstellerasus
≫
Produkt
rt-ac1900
Default Statusunknown
Version
0
Version <
3.0.0.4.386_51685
Status
affected
Herstellerasus
≫
Produkt
rt-ac1900u
Default Statusunknown
Version
0
Version <
3.0.0.4.386_51685
Status
affected
Herstellerasus
≫
Produkt
rt-ac2900
Default Statusunknown
Version
0
Version <
3.0.0.4.386_51925
Status
affected
Herstellerasus
≫
Produkt
zenwifi_xt8
Default Statusunknown
Version
0
Version <
3.0.0.4.388_24621
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.12% | 0.869 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.