ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
14 Apr 2022, 20:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Asus rt-ac86u Firmware
Asus Asus rt-ac86u |
|
CPE | cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:* cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4.386.45956:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 8.8 |
CWE | CWE-787 | |
References | (MISC) https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html - Third Party Advisory |
07 Apr 2022, 19:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-07 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25596
Mitre link : CVE-2022-25596
CVE.ORG link : CVE-2022-25596
JSON object : View
Products Affected
asus
- rt-ac86u_firmware
- rt-ac86u
CWE
CWE-787
Out-of-bounds Write