Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-40556

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.

Published

2022-10-06T18:15:50.453

Last Modified

2024-11-21T06:24:22.497

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	asus	rt-ax56u_firmware	3.0.0.4.386.44266	Yes
Hardware	asus	rt-ax56u	-	No

References

https://www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/ Product, Vendor Advisory ([email protected])
https://x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Exploit, Third Party Advisory ([email protected])
https://www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/ Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)