Vulnerability Monitor

CVE-2023-35087


A format string vulnerability has been identified in ASUS RT-AX56U V2 and RT-AC86U. It is caused by a lack of validation of a specific value when cm_processChangedConfigMsg is called in the ccm_processREQ_CHANGED_CONFIG function of the AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privileges to achieve remote arbitrary code execution, perform arbitrary system operations, or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.


Published

2023-07-21T08:15:09.900

Last Modified

2024-11-21T08:07:57.097

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-134
  • Type: Primary
    CWE-134

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | asus | rt-ac86u_firmware | 3.0.0.4_386_51529 | Yes |
| Hardware | asus | rt-ac86u | - | No |
| Operating System | asus | rt-ax56u_v2_firmware | 3.0.0.4.386_50460 | Yes |
| Hardware | asus | rt-ax56u_v2 | - | No |

References