Lucene search

[email protected]CVE-2021-40556

HistoryOct 06, 2022 - 6:15 p.m.

CVE-2021-40556

2022-10-0618:15:50

CWE-787

[email protected]

web.nvd.nist.gov

asus

rt-ax56u

router

vulnerability

stack overflow

cve-2021-40556

remote execution

httpd

strcat

caupload

authentication

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by “caupload” input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.

Affected configurations

NVD

Node

asusrt-ax56uMatch-

AND

asusrt-ax56u_firmwareMatch3.0.0.4.386.44266

CPENameOperatorVersion
asus:rt-ax56u_firmwareasus rt-ax56u firmwareeq3.0.0.4.386.44266

CPE	Name	Operator	Version
asus:rt-ax56u_firmware	asus rt-ax56u firmware	eq	3.0.0.4.386.44266

References

www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/

x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for CVE-2021-40556

nvd1 cvelist1 cnvd1 prion1