Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-35401
HistoryJan 10, 2023 - 9:15 p.m.

CVE-2022-35401

2023-01-1021:15:11
CWE-324
CWE-287
[email protected]
web.nvd.nist.gov
8
authentication bypass
asus rt-ax82u
http requests
administrative access
vulnerability
cve-2022-35401

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

Affected configurations

Nvd
Node
asusrt-ax82u_firmwareMatch3.0.0.4.386_49674-ge182230
AND
asusrt-ax82uMatch-
VendorProductVersionCPE
asusrt-ax82u_firmware3.0.0.4.386_49674-ge182230cpe:2.3:o:asus:rt-ax82u_firmware:3.0.0.4.386_49674-ge182230:*:*:*:*:*:*:*
asusrt-ax82u-cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*

Related

cvelist 1
prion 1
cve 1
talos 1
talosblog 2
thn 1
malwarebytes 1
cvelist
cvelist
CVE-2022-35401
2023-01-10 20:44:50
prion
prion
Authentication flaw
2023-01-10 21:15:00
cve
cve
CVE-2022-35401
2023-01-10 21:15:11
talos
talos
Asus RT-AX82U get_IFTTTTtoken.cgi authentication bypass vulnerability
2023-01-10 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered
2023-01-10 16:20:21
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
2023-08-02 12:00:19
thn
thn
ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models
2023-06-20 08:39:00
malwarebytes
malwarebytes
Update now! ASUS fixes nine security flaws
2023-06-20 04:00:00

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON
Related for NVD:CVE-2022-35401
cvelist1prion1cve1talos1talosblog2thn1malwarebytes1