ASUS RT-AX88U - Out-of-bounds Read - 1

Vulnerability

An unauthenticated denial-of-service (DoS) vulnerability exists in the httpd binary of the ASUS RT-AX88U router, affecting firmware versions 3.0.0.4.388_22525-gd35b8fe and prior [1]. The flaw resides in web.c and is triggered by sending a specially crafted HTTP request that contains a specific "User-Agent" string; during a string comparison operation, the httpd process crashes, resulting in a crash of the web server [1].

Exploitation

An attacker can exploit this vulnerability remotely from the network by sending a single HTTP request with a crafted User-Agent header to the router's management interface [1]. No authentication is required, and no user interaction on the target device is needed [1]. The specific sequence of steps is not publicly detailed, but the description indicates that the presence of a maliciously formed user-agent string during the comparison within web.c leads to the crash.

Impact

Successful exploitation causes the httpd process to crash, creating a denial-of-service condition that prevents legitimate users from accessing the router's web-based administration interface [1]. The availability impact is rated High (CVSS 7.5), while confidentiality and integrity are not affected [1]. The router may need to be rebooted to restore functionality.

Mitigation

ASUS released firmware version 3.0.0.4_388_23748 to fix this vulnerability [1]. Users should update their RT-AX88U router to this version or later. There is no known workaround if the device cannot be patched, but reducing exposure by limiting remote access to the management interface (e.g., disabling WAN access to the admin UI) may reduce the attack surface. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.