ASUS RT-AX56U - SQL Injection
Description
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify, and delete the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated LAN attacker can exploit an SQL injection vulnerability in ASUS RT-AX56U firmware v3.0.0.4.386.45898 to read, modify, or delete the database.
Vulnerability
The ASUS RT-AX56U router's SQL handling function contains an SQL injection vulnerability due to insufficient validation of user input [1]. This affects firmware version 3.0.0.4.386.45898. The vulnerability is present in the storage of SQL data parameters, allowing injection of arbitrary SQL syntax without requiring authentication [1].
Exploitation
An unauthenticated attacker on the local area network (LAN) can exploit this vulnerability by sending crafted input to the SQL handling function [1]. No prior authentication or user interaction is required. The attacker can inject arbitrary SQL commands to interact with the database.
Impact
Successful exploitation allows the attacker to read, modify, and delete database contents [1]. This compromises confidentiality, integrity, and availability of the device's data, potentially leading to full control over the router's database and related services.
Mitigation
ASUS has released firmware version 3.0.0.4.386.45934 to fix this vulnerability [1]. Users should update their RT-AX56U firmware to this version or later. No workarounds are documented; updating is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: 3.0.0.4.386.45898
Patches
No patches discovered yet.
References
- [1] www.twcert.org.tw/tw/cp-132-5786-d2e86-1.html (mitre, x_refsource_MISC)