CVE-2022-23972

HIGH8.8Injection

Description

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ASUS / RT-AX56U3.0.0.4.386.45898 – 3.0.0.4.386.45898

References

MISChttps://www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html