Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-39239
PUBLISHED
More InfoOfficial Page
Assigner-twcert
Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
View Known Exploited Vulnerability (KEV) details
Published At-07 Sep, 2023 | 07:18
Updated At-26 Sep, 2024 | 18:56
Rejected At-
▼CVE Numbering Authority (CNA)
ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

Affected Products
Vendor
ASUS (ASUSTeK Computer Inc.)ASUS
Product
RT-AX55
Default Status
unaffected
Versions
Affected
  • 3.0.0.4.386_50460
Vendor
ASUS (ASUSTeK Computer Inc.)ASUS
Product
RT-AX56U_V2
Default Status
unaffected
Versions
Affected
  • 3.0.0.4.386_50460
Vendor
ASUS (ASUSTeK Computer Inc.)ASUS
Product
RT-AC86U
Default Status
unaffected
Versions
Affected
  • 3.0.0.4_386_51529
Problem Types
TypeCWE IDDescription
CWECWE-134CWE-134 Use of Externally-Controlled Format String
Type: CWE
CWE ID: CWE-134
Description: CWE-134 Use of Externally-Controlled Format String
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-135CAPEC-135 Format String Injection
CAPEC ID: CAPEC-135
Description: CAPEC-135 Format String Injection
Solutions

RT-AX55: update to 3.0.0.4.386_51948  RT-AX56U_V2: update to 3.0.0.4.386_51948  RT-AC86U: update to 3.0.0.4.386_51915

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html
N/A
Hyperlink: https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html
x_transferred
Hyperlink: https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
ASUS (ASUSTeK Computer Inc.)asus
Product
rt-ax56u_v2
CPEs
  • cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 3.0.0.4.386_50460
Vendor
ASUS (ASUSTeK Computer Inc.)asus
Product
rt-ax55
CPEs
  • cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 3.0.0.4.386_50460
Vendor
ASUS (ASUSTeK Computer Inc.)asus
Product
rt-ac86u
CPEs
  • cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 3.0.0.4_386_51529
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found