First published: Thu Apr 07 2022
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Rt-ac86u Firmware | =3.0.0.4.386.45956 | |
ASUS RT-AC86U | | |

Update ASUS RT-AC86U firmware version to 3.0.0.4_386_46092
The vulnerability ID for this ASUS RT-AC56U vulnerability is CVE-2022-25596.
The severity of CVE-2022-25596 is high with a CVSS score of 8.8.
This vulnerability in ASUS RT-AC56U occurs due to insufficient validation for the decryption parameter length, resulting in a heap-based buffer overflow.
An unauthenticated LAN attacker can execute arbitrary code, perform arbitrary operations, and disrupt service if they exploit this vulnerability.
No, ASUS RT-AC86U is not affected by this vulnerability.
You can find more information about this vulnerability at https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html