Lucene search

TwcertCVELIST:CVE-2022-25596

HistoryApr 07, 2022 - 6:22 p.m.

CVE-2022-25596 ASUS RT-AC86U - Heap-based buffer overflow

2022-04-0718:22:35

CWE-787

twcert

www.cve.org

cve-2022-25596

asus rt-ac56u

heap-based buffer overflow

insufficient validation

decryption parameter

arbitrary code execution

unauthenticated lan attacker

disrupt service

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

31.6%

JSON

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.

CNA Affected

[
  {
    "product": "RT-AC86U",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0.4.386.45956"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

31.6%

JSON

Related for CVELIST:CVE-2022-25596