RT-AX56U V2

CVEs (11)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2023-35086	Asus RT-AC86U	0.06	—	0.76	Jul 21, 2023	It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator…
CVE-2023-39240	Asus RT-AX55	0.00	—	0.01	Sep 7, 2023	It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this…
CVE-2023-39239	Asus RT-AX55	0.00	—	0.01	Sep 7, 2023	It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to…
CVE-2023-39238	Asus RT-AX55	0.00	—	0.04	Sep 7, 2023	It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote…
CVE-2023-35087	Asus RT-AC86U	0.00	—	0.02	Jul 21, 2023	It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote…
CVE-2022-23973	Asus RT-AX56U V2	0.00	—	0.00	Apr 7, 2022	ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.
CVE-2022-23972	Asus RT-AX56U V2	0.00	—	0.00	Apr 7, 2022	ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
CVE-2022-23971	Asus RT-AX56U V2	0.00	—	0.00	Apr 7, 2022	ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which…
CVE-2022-23970	Asus RT-AX56U V2	0.00	—	0.00	Apr 7, 2022	ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in…
CVE-2022-22054	Asus RT-AX56U V2	0.00	—	0.00	Jan 14, 2022	ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.
CVE-2021-44158	Asus RT-AX56U V2	0.00	—	0.00	Jan 3, 2022	ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.

CVE-2023-35086Jul 21, 2023
Asus
RT-AC86U
risk 0.06cvss —epss 0.76
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator…
CVE-2023-39240Sep 7, 2023
Asus
RT-AX55
risk 0.00cvss —epss 0.01
It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this…
CVE-2023-39239Sep 7, 2023
Asus
RT-AX55
risk 0.00cvss —epss 0.01
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to…
CVE-2023-39238Sep 7, 2023
Asus
RT-AX55
risk 0.00cvss —epss 0.04
It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote…
CVE-2023-35087Jul 21, 2023
Asus
RT-AC86U
risk 0.00cvss —epss 0.02
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote…
CVE-2022-23973Apr 7, 2022
Asus
RT-AX56U V2
risk 0.00cvss —epss 0.00
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.
CVE-2022-23972Apr 7, 2022
Asus
RT-AX56U V2
risk 0.00cvss —epss 0.00
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
CVE-2022-23971Apr 7, 2022
Asus
RT-AX56U V2
risk 0.00cvss —epss 0.00
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which…
CVE-2022-23970Apr 7, 2022
Asus
RT-AX56U V2
risk 0.00cvss —epss 0.00
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in…
CVE-2022-22054Jan 14, 2022
Asus
RT-AX56U V2
risk 0.00cvss —epss 0.00
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.
CVE-2021-44158Jan 3, 2022
Asus
RT-AX56U V2
risk 0.00cvss —epss 0.00
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.