3 matches found
CVE-2023-35086
creationtimestamp| type| source ---|---|--- 2023-07-21 12:33:23+00:00| seen| https://t.me/cibsecurity/67086 2023-07-25 01:40:32+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4800 2023-07-26 13:23:32+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8738...
CVE-2023-35086 ASUS RT-AX56U V2 & RT-AC86U - Format String -1
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. A remote attacker with administrator privilege can exploit...
CVE-2023-35086
A format-string vulnerability exists in ASUS RT-AX56U V2 and RT-AC86U within the httpd module’s detwan.cgi, triggered by untrusted input passed to a syslog-enabled path (logmessage_normal). The GitHub PoC describes firmwares ≤ RT-AX56U V2 3.0.0.4.386_50460 and RT-AC86U 3.0.0.4_386_51529 as affect...