Lucene search

K
nvd[email protected]NVD:CVE-2021-40556
HistoryOct 06, 2022 - 6:15 p.m.

CVE-2021-40556

2022-10-0618:15:50
CWE-787
web.nvd.nist.gov
httpd service
asus rt-ax56u router
stack overflow
strcat function
caupload
remote command execution
authentication required

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.6%

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by “caupload” input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.

Affected configurations

NVD
Node
asusrt-ax56uMatch-
AND
asusrt-ax56u_firmwareMatch3.0.0.4.386.44266

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.6%

Related for NVD:CVE-2021-40556