CVE-2022-22054: ASUS RT-AX56U - Path Traversal
First published: Fri Jan 14 2022(Updated: )
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Rt-ax56u Firmware | =3.0.0.4.386.44266 | |
| ASUS RT-AX56U |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2022-22054.
What is the title of the vulnerability?
The title of the vulnerability is ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters.
What is the severity of CVE-2022-22054?
The severity of CVE-2022-22054 is medium.
How can an attacker exploit CVE-2022-22054?
An unauthenticated local area network attacker can exploit CVE-2022-22054 by accessing restricted system paths and downloading arbitrary files.
What is the affected software for CVE-2022-22054?
The affected software for CVE-2022-22054 is ASUS RT-AX56U with firmware version 3.0.0.4.386.44266.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/asus
- canonical/asus rt-ax56u firmware
- version/asus rt-ax56u firmware/3.0.0.4.386.44266
- canonical/asus rt-ax56u