Description
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- ASUS / RT-AC86U3.0.0.4_386_51529 – 3.0.0.4_386_51529
- ASUS / RT-AX553.0.0.4.386_50460 – 3.0.0.4.386_50460
- ASUS / RT-AX56U_V23.0.0.4.386_50460 – 3.0.0.4.386_50460