Vulnerabilities > CVE-2023-39240 - Unspecified vulnerability in Asus products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

asus

NVD

Published: 2023-09-07

Updated: 2024-11-21

Summary

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

Vulnerable Configurations

Part	Description	Count
OS	Asus Asus RT Ax55 Firmware 3.0.0.4.386_50460 Asus RT Ax56U V2 Firmware 3.0.0.4.386_50460 Asus RT Ac86U Firmware 3.0.0.4_386_51529	3
Hardware	Asus Asus RT Ax55 - Asus RT Ax56U V2 - Asus RT Ac86U -	3

References

https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html
https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html