First published: Wed Mar 02 2022
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete the database.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
ASUS RT-AX56U Firmware | =3.0.0.4.386.45898 | |
ASUS RT-AX56U | | |

Update ASUS RT-AX56U firmware version to 3.0.0.4.386.45934
CVE-2022-23972 is a vulnerability that exists in the SQL handling function of ASUS RT-AX56U routers.
CVE-2022-23972 allows an unauthenticated LAN attacker to inject arbitrary SQL code to read, modify, and delete the router's database.
ASUS RT-AX56U firmware version 3.0.0.4.386.45898 is affected by CVE-2022-23972.
The severity of CVE-2022-23972 is high, with a CVSS score of 8.8.
At the moment, there is no known fix for CVE-2022-23972. It is recommended to follow any security advisories provided by ASUS and apply patches when available.