7 matches found
CVE-2022-35401
An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this...
Update now! ASUS fixes nine security flaws
ASUS has released firmware updates for several router models fixing two critical and several other security issues. The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8,...
CVE-2022-35401
creationtimestamp| type| source ---|---|--- 2023-01-11 00:42:03+00:00| seen| https://t.me/cibsecurity/56310 2023-01-13 13:43:21+00:00| seen| https://t.me/truesecator/3935 2023-06-19 19:55:30+00:00| seen| https://t.me/RussianOSINT/2677 2023-06-20 09:57:08+00:00| seen| https://t.me/kasperskyb2b/705...
CVE-2022-35401
An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this...
CVE-2022-35401
An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this...
CVE-2022-35401
Summary (CVE-2022-35401) : Talos reports an authentication bypass in Asus RT-AX82U (version 3.0.0.4.386_49674-ge182230) via the get_IFTTTTtoken.cgi endpoint. A remote attacker can obtain full administrative access by sending a series of HTTP requests. The exploit path relies on how the router han...
CVE-2022-35401
An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this...