VYPR
Unrated severity · NVD Advisory · Published Sep 7, 2023 · Updated Sep 26, 2024

ASUS RT-AC86U - Command injection vulnerability - 2

CVE-2023-38032

Description

The ASUS RT-AC86U AiProtection security-related function has insufficient filtering of special characters. A remote attacker with regular user privileges can exploit this vulnerability to perform a command injection attack and execute arbitrary commands, disrupt the system, or terminate services.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ASUS RT-AC86U AiProtection has a command injection flaw; a remote attacker with low privilege can execute arbitrary commands.

Vulnerability

A command injection vulnerability exists in the AiProtection security-related function of the ASUS RT-AC86U router running firmware version 3.0.0.4.386.51529 [1]. The function does not properly filter special characters, allowing injection of arbitrary commands through specially crafted input [1].
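
An added illustration of the flaw class described above, not ASUS firmware code and not taken from the advisory: a deny-list filter that misses shell metacharacters, beside an allow-list check whose value is passed as a single argv element instead of through a shell. The parameter name `rule`, the tool path and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Flawed pattern (assumed for illustration): a deny-list that blocks a few
 * separators but misses other characters the shell interprets. */
int weak_filter_ok(const char *s) {
    return strpbrk(s, ";|&") == NULL;   /* backtick, $, (, ), newline pass */
}

/* Hardened check: allow-list of characters plus a length bound. */
int strict_filter_ok(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 32) return 0;
    return strspn(s, "abcdefghijklmnopqrstuvwxyz"
                     "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-") == n;
}

/* Hardened call path: no shell command string is built. The value becomes
 * one argv element (suitable for execv), so /bin/sh never parses it.
 * Returns 0 and fills argv on success, -1 if the value is rejected. */
int build_argv(const char *rule, const char *argv[4]) {
    if (!strict_filter_ok(rule)) return -1;
    argv[0] = "/usr/sbin/example_tool";   /* hypothetical binary */
    argv[1] = "--rule";
    argv[2] = rule;
    argv[3] = NULL;
    return 0;
}

int main(void) {
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "block_list-01", "name`cmd`", "name$(cmd)",
                              "name;cmd", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        const char *argv[4];
        printf("%-14s weak=%d strict=%d argv=%s\n", samples[i],
               weak_filter_ok(samples[i]), strict_filter_ok(samples[i]),
               build_argv(samples[i], argv) == 0 ? "built" : "rejected");
    }
    return 0;
}
```

The deny-list accepts the backtick and `$(` samples that the allow-list rejects, which is the gap "insufficient filtering of special characters" describes.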

Exploitation

A remote attacker with regular user privileges can exploit this vulnerability by sending a crafted request to the AiProtection feature [1]. No additional authentication beyond a valid user session is required, and the attack can be carried out over the network without user interaction [1].

Impact

Successful exploitation allows the attacker to perform command injection, executing arbitrary system commands on the router [1]. This can lead to full compromise of confidentiality, integrity, and availability: the attacker can read sensitive data, alter device configuration, disrupt services, or terminate system processes [1]. The impact is considered high across all CIA triad components according to the CVSS score of 8.8 [1].

Mitigation

ASUS has released firmware version 3.0.0.4.386.51915, which fixes the vulnerability [1]. Users should update their RT-AC86U devices to this version or later. No workaround is provided in the available references [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Asus/RT-AC86U (llm-fuzzy), 2 versions
    • (no CPE)
    • (no CPE), range: 3.0.0.4.386.51529

Patches

0

No patches discovered yet.

References

1
