CVE-2022-23972: ASUS RT-AX56U - SQL Injection
First published: Wed Mar 02 2022(Updated: )
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Rt-ax56u Firmware | =3.0.0.4.386.45898 | |
| ASUS RT-AX56U |
Remedy
Update ASUS RT-AX56U firmware version to 3.0.0.4.386.45934
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-23972?
CVE-2022-23972 is a vulnerability that exists in the SQL handling function of ASUS RT-AX56U routers.
How does CVE-2022-23972 affect ASUS RT-AX56U routers?
CVE-2022-23972 allows an unauthenticated LAN attacker to inject arbitrary SQL code to read, modify, and delete the router's database.
Which version of ASUS RT-AX56U firmware is affected by CVE-2022-23972?
ASUS RT-AX56U firmware version 3.0.0.4.386.45898 is affected by CVE-2022-23972.
What is the severity of CVE-2022-23972?
The severity of CVE-2022-23972 is high, with a CVSS score of 8.8.
Is there a fix for CVE-2022-23972?
At the moment, there is no known fix for CVE-2022-23972. It is recommended to follow any security advisories provided by ASUS and apply patches when available.
- collector/nvd-index
- agent/weakness
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/title
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/asus
- canonical/asus rt-ax56u firmware
- version/asus rt-ax56u firmware/3.0.0.4.386.45898
- canonical/asus rt-ax56u