VYPR
Unrated severity · NVD Advisory · Published Nov 3, 2023 · Updated Sep 4, 2024

ASUS RT-AX55 - command injection - 3

CVE-2023-41347

Description

ASUS RT-AX55's check token module lacks input filtering, allowing authenticated remote attackers to inject commands, execute arbitrary code, or disrupt the system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A command injection vulnerability exists in the authentication-related check token module of the ASUS RT-AX55 router running firmware versions up to 3.0.0.4.386.51598 [1]. The module fails to properly filter special characters in input parameters, thereby enabling an authenticated remote attacker to inject arbitrary operating system commands [1].

Exploitation

An attacker must first obtain valid authentication credentials for the router's management interface [1]. With network access to the administration web panel, the attacker sends a request to the check token endpoint whose input contains command separators and shell metacharacters [1]. The injected commands are then executed on the device with the privileges of the affected service [1].

Impact

Successful exploitation results in arbitrary command execution on the ASUS RT-AX55 router [1]. An attacker can execute system commands, disrupt device operations, terminate services, and potentially gain full control of the affected device, leading to a complete compromise of confidentiality, integrity, and availability (CVSS 8.8, High) [1].

Mitigation

ASUS released fixed firmware version 3.0.0.4.386_51948 to address this vulnerability [1]. Users should update their RT-AX55 devices to this version immediately. No workarounds are published. The device is not listed on CISA's Known Exploited Vulnerabilities Catalog at the time of this writing.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Asus/RT-AX55 (llm-fuzzy), 2 versions
    • (no CPE)
    • (no CPE), range: 3.0.0.4.386.51598

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.