Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentZdiVULNRICHMENT:CVE-2023-35720
HistoryMay 03, 2024 - 1:57 a.m.

CVE-2023-35720 ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability

2024-05-0301:57:40
CWE-89
zdi
github.com
1
cve-2023-35720 asus rt-ax92u lighttpd mod_webdav.so sql injection information disclosure vulnerability network-adjacent authentication zdi-can-16078

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the mod_webdav.so module. When parsing a request, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-16078.

CNA Affected

[
  {
    "vendor": "ASUS",
    "product": "RT-AX92U",
    "versions": [
      {
        "version": "3.0.0.4.386.46061",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

cvelist 1
cve 1
nvd 1
zdi 1
cvelist
cvelist
CVE-2023-35720 ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability
2024-05-03 01:57:40
cve
cve
CVE-2023-35720
2024-05-03 02:15:34
nvd
nvd
CVE-2023-35720
2024-05-03 02:15:34
zdi
zdi
ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability
2023-08-23 00:00:00

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON
Related for VULNRICHMENT:CVE-2023-35720
cvelist1cve1nvd1zdi1