Lucene search

[email protected]CVE-2023-41346

HistoryNov 03, 2023 - 5:15 a.m.

CVE-2023-41346

2023-11-0305:15:29

CWE-78

[email protected]

web.nvd.nist.gov

asus

rt-ax55

authentication

vulnerability

command injection

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.

Affected configurations

NVD

Node

asusrt-ax55_firmwareMatch3.0.0.4.386.51598

AND

asusrt-ax55Match-

CPENameOperatorVersion
asus:rt-ax55_firmwareasus rt-ax55 firmwareeq3.0.0.4.386.51598

CPE	Name	Operator	Version
asus:rt-ax55_firmware	asus rt-ax55 firmware	eq	3.0.0.4.386.51598

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "RT-AX55",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0.4.386.51598"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7497-f92ac-1.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for CVE-2023-41346

prion1 nvd1 cvelist1