RT-AC86U

CVEs (13)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2023-35086	Asus RT-AC86U	0.06	—	0.76	Jul 21, 2023	It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator…
CVE-2023-39239	Asus RT-AX55	0.00	—	0.01	Sep 7, 2023	It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to…
CVE-2023-39237	Asus RT-AC86U	0.00	—	0.01	Sep 7, 2023	ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate…
CVE-2023-39236	Asus RT-AC86U	0.00	—	0.01	Sep 7, 2023	ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate…
CVE-2023-38033	Asus RT-AC86U	0.00	—	0.01	Sep 7, 2023	ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or…
CVE-2023-38032	Asus RT-AC86U	0.00	—	0.01	Sep 7, 2023	ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate…
CVE-2023-38031	Asus RT-AC86U	0.00	—	0.01	Sep 7, 2023	ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate…
CVE-2023-35087	Asus RT-AC86U	0.00	—	0.02	Jul 21, 2023	It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote…
CVE-2023-28703	Asus RT-AC86U	0.00	—	0.00	Jun 2, 2023	ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt…
CVE-2023-28702	Asus RT-AC86U	0.00	—	0.00	Jun 2, 2023	ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
CVE-2022-25597	Asus RT-AC86U	0.00	—	0.00	Apr 7, 2022	ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.
CVE-2022-25596	Asus RT-AC86U	0.00	—	0.00	Apr 7, 2022	ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
CVE-2022-25595	Asus RT-AC86U	0.00	—	0.00	Apr 7, 2022	ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.

CVE-2023-35086Jul 21, 2023
Asus
RT-AC86U
risk 0.06cvss —epss 0.76
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator…
CVE-2023-39239Sep 7, 2023
Asus
RT-AX55
risk 0.00cvss —epss 0.01
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to…
CVE-2023-39237Sep 7, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.01
ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate…
CVE-2023-39236Sep 7, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.01
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate…
CVE-2023-38033Sep 7, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.01
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or…
CVE-2023-38032Sep 7, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.01
ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate…
CVE-2023-38031Sep 7, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.01
ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate…
CVE-2023-35087Jul 21, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.02
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote…
CVE-2023-28703Jun 2, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.00
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt…
CVE-2023-28702Jun 2, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.00
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
CVE-2022-25597Apr 7, 2022
Asus
RT-AC86U
risk 0.00cvss —epss 0.00
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.
CVE-2022-25596Apr 7, 2022
Asus
RT-AC86U
risk 0.00cvss —epss 0.00
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
CVE-2022-25595Apr 7, 2022
Asus
RT-AC86U
risk 0.00cvss —epss 0.00
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.