Rt-ac86u Firmware Security Vulnerabilities and Issues — Rt-ac86u Firmware CVE List

Lucene search

AsusRt-ac86u Firmware

8 matches found

CVE•added 2022/04/07 7:15 p.m.•75 views

CVE-2022-25597

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.

8.8CVSS9.4AI score0.0017EPSS

CVE•added 2022/04/07 7:15 p.m.•70 views

CVE-2022-25596

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.

8.8CVSS9.2AI score0.00074EPSS

CVE•added 2023/09/07 4:15 a.m.•46 views

CVE-2023-38031

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

8.8CVSS9.2AI score0.01095EPSS

CVE•added 2023/06/02 11:15 a.m.•44 views

CVE-2023-28702

ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.

8.8CVSS9.2AI score0.00599EPSS

CVE•added 2023/09/07 7:15 a.m.•38 views

CVE-2023-38032

ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

8.8CVSS9.2AI score0.00694EPSS

CVE•added 2023/09/07 7:15 a.m.•36 views

CVE-2023-39236

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

8.8CVSS9.2AI score0.007EPSS

CVE•added 2023/09/07 7:15 a.m.•33 views

CVE-2023-39237

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

8.8CVSS9.2AI score0.00601EPSS

CVE•added 2023/09/07 7:15 a.m.•32 views

CVE-2023-38033

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

8.8CVSS9.2AI score0.007EPSS