First published: Thu Apr 07 2022
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform a command injection attack, execute arbitrary commands, and disrupt or terminate service.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
ASUS RT-AC86U Firmware | =3.0.0.4.386.45956 | |
ASUS RT-AC86U | | |

Update ASUS RT-AC86U firmware version to 3.0.0.4_386_46092.
The vulnerability ID for this vulnerability is CVE-2022-25597.
The severity of CVE-2022-25597 is high, with a severity value of 8.8.
CVE-2022-25597 refers to ASUS RT-AC86U’s LPD service having insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform a command injection attack, execute arbitrary commands, and disrupt or terminate service.
CVE-2022-25597 affects the ASUS RT-AC86U firmware version 3.0.0.4.386.45956.
No, the ASUS RT-AC86U router is not vulnerable to CVE-2022-25597.
An unauthenticated LAN attacker can exploit CVE-2022-25597 by sending a malicious user request containing special characters, leading to a command injection attack.
Yes, you can find more information about CVE-2022-25597 at the following link: [https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html](https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html)