ASUS RT-AX88U - Out-of-bounds Read - 2

Vulnerability

An unauthenticated denial-of-service (DoS) vulnerability exists in the httpd binary of ASUS RT-AX88U routers running firmware version 3.0.0.4.388_22525-gd35b8fe and earlier. The flaw resides in the do_json_decode() function within ej.c. A remote attacker can send a specially crafted HTTP request that triggers an out-of-bounds read, causing the httpd process to crash and resulting in a DoS condition [1].

Exploitation

An attacker can exploit this vulnerability remotely without any authentication or prior access to the device. The attacker only needs network connectivity to the router's management interface (typically port 80 or 443). By sending a malicious HTTP request that triggers the vulnerable code path in do_json_decode(), the attacker causes the httpd process to terminate immediately [1].

Impact

Successful exploitation leads to a denial-of-service condition where the router's web management interface becomes unavailable. The device itself continues to route traffic, but administrative access via HTTP/HTTPS is disrupted until the httpd process is manually restarted or the device is rebooted. No data confidentiality or integrity is compromised, and no code execution is achieved [1].

Mitigation

ASUS has released firmware version 3.0.0.4_388_23748 which fixes this vulnerability. Users should update their RT-AX88U routers to this version or later. No workaround is available for unpatched devices [1].