ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
23 Jun 2023, 18:24
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
14 Apr 2022, 20:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 8.8 |
CWE | CWE-78 | |
First Time |
Asus rt-ac86u Firmware
Asus Asus rt-ac86u |
|
CPE | cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:* cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4.386.45956:*:*:*:*:*:*:* |
|
References | (MISC) https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html - Third Party Advisory |
07 Apr 2022, 19:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-07 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25597
Mitre link : CVE-2022-25597
CVE.ORG link : CVE-2022-25597
JSON object : View
Products Affected
asus
- rt-ac86u_firmware
- rt-ac86u
CWE
NVD-CWE-Other
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')