Lucene search

TwcertCVELIST:CVE-2022-22054

HistoryJan 14, 2022 - 12:00 a.m.

CVE-2022-22054 ASUS RT-AX56U - Path Traversal

2022-01-1400:00:00

CWE-22

twcert

www.cve.org

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.

CNA Affected

[
  {
    "product": "RT-AX56U",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0.4.386.44266"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5508-59251-1.html

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for CVELIST:CVE-2022-22054