ASUS RT-AX56U Router - Stack-based buffer overflow
Description
The ASUS RT-AX56U Wi-Fi Router is vulnerable to a stack-based buffer overflow due to improper validation of httpd parameter length. An authenticated attacker on the local area network can execute arbitrary code to take control of the system or disrupt service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in ASUS RT-AX56U httpd allows authenticated LAN attackers to execute arbitrary code via crafted parameter, fixed in firmware 3.0.0.4.386.45898.
Vulnerability
The ASUS RT-AX56U Wi-Fi Router running firmware version 3.0.0.4.386.44266 contains a stack-based buffer overflow vulnerability in the httpd service due to improper validation of parameter lengths [1]. An attacker must be authenticated on the local network and send a specially crafted HTTP request to trigger the overflow.
Exploitation
An attacker with network access to the LAN and valid low-privilege credentials can exploit this vulnerability by sending a crafted HTTP request with an overly long parameter to the router's httpd service [1]. No user interaction is required, and the attack can be executed remotely from within the local network.
Impact
Successful exploitation allows the attacker to execute arbitrary code with root privileges, leading to full compromise of the router, including information disclosure, control over the device, or disruption of service [1].
Mitigation
ASUS released firmware version 3.0.0.4.386.45898 to address this vulnerability [1]. Users should update their RT-AX56U routers immediately. No workarounds are documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: 3.0.0.4.386.44266
Patches
No patches discovered yet.
References
[1] www.twcert.org.tw/tw/cp-132-5431-d23be-1.html (mitre, x_refsource_MISC)