Lucene search

[email protected]NVD:CVE-2023-35087

HistoryJul 21, 2023 - 8:15 a.m.

CVE-2023-35087

2023-07-2108:15:09

CWE-134

[email protected]

web.nvd.nist.gov

format string vulnerability

asus rt-ax56u

rt-ac86u

unauthenticated remote attackers

arbitrary code execution

aimesh system

cve-2023-35087

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

Affected configurations

NVD

Node

asusrt-ac86u_firmwareMatch3.0.0.4_386_51529

AND

asusrt-ac86uMatch-

Node

asusrt-ax56u_v2_firmwareMatch3.0.0.4.386_50460

AND

asusrt-ax56u_v2Match-

References

www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for NVD:CVE-2023-35087

cve1 cvelist1 prion1