Unrated severityCISA KEVNVD Advisory· Published Sep 11, 2023· Updated Oct 21, 2025

CVE-2023-39780

Description

On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.

Affected products

ASUS/RT-AX55v5
Range: 3.0.0.4.386.51598

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.mdmitre
github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.mdmitre
github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.mdmitre
github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.mdmitre
github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.mdmitre
github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.mdmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.033
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000