Lucene search

TwcertCVE-2023-41346

HistoryNov 03, 2023 - 5:15 a.m.

CVE-2023-41346

2023-11-0305:15:29

CWE-78

twcert

web.nvd.nist.gov

asus

rt-ax55

authentication

vulnerability

command injection

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.

Affected configurations

Nvd

Node

asusrt-ax55_firmwareMatch3.0.0.4.386.51598

AND

asusrt-ax55Match-

VendorProductVersionCPE
asusrt-ax55_firmware3.0.0.4.386.51598cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386.51598:*:*:*:*:*:*:*
asusrt-ax55-cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asus	rt-ax55_firmware	3.0.0.4.386.51598	cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386.51598:::::::*
asus	rt-ax55	-	cpe:2.3:h:asus:rt-ax55:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "RT-AX55",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0.4.386.51598"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7497-f92ac-1.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

Related for CVE-2023-41346