Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-39238: ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 1

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVE
#vulnerability#asus#auth

:::

  • 首頁
  • 資安服務
  • 台灣漏洞揭露平台 (TVN)
  • TVN (Taiwan Vulnerability Note) 漏洞公告

TVN ID

TVN-202309007

CVE ID

CVE-2023-39238

CVSS

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

影響產品

RT-AX55: 3.0.0.4.386_50460
RT-AX56U_V2: 3.0.0.4.386_50460
RT-AC86U: 3.0.0.4_386_51529

問題描述

ASUS RT-AX55、RT-AX56U_V2 與 RT-AC86U iperf相關模組set_iperf3_svr.cgi API存在 format string 漏洞,該功能未對輸入的格式化字串進行適當驗證,遠端攻擊者不須權限,即可利用此漏洞進行遠端程式碼執行,對設備進行任意操作或中斷服務。

解決方法

RT-AX55: 更新至 3.0.0.4.386_51948
RT-AX56U_V2: 更新至3.0.0.4.386_51948
RT-AC86U: 更新至3.0.0.4.386_51915

漏洞通報者

資安人員

公開日期

2023-09-05

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907