CVE-2022-26376
First published: Fri Aug 05 2022(Updated: )
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus asuswrt | <3.0.0.4.386_48706 | |
| Asuswrt-Merlin New Gen | <386.7 | |
| Asus Xt8 Firmware | <3.0.0.4.386_48706 | |
| Asus Xt8 | ||
| Asus Tuf-ax3000 V2 Firmware | <3.0.0.4.386_48750 | |
| Asus Tuf-ax3000 V2 | ||
| Asus Xd4 Firmware | <3.0.0.4.386_48790 | |
| Asus Xd4 | ||
| Asus Et12 Firmware | <3.0.0.4.386_48823 | |
| Asus Et12 | ||
| Asus Gt-ax6000 Firmware | <3.0.0.4.386_48823 | |
| Asus Gt-ax6000 | ||
| Asus Xt12 Firmware | <3.0.0.4.386_48823 | |
| Asus Xt12 | ||
| Asus Rt-ax58u Firmware | <3.0.0.4.386_48908 | |
| Asus Rt-ax58u | ||
| Asus Xt9 Firmware | <3.0.0.4.388_20027 | |
| Asus Xt9 | ||
| Asus Xd6 Firmware | <3.0.0.4.386_49356 | |
| Asus Xd6 | ||
| Asus Gt-ax11000 Pro Firmware | <3.0.0.4.386_48996 | |
| Asus Gt-ax11000 Pro | ||
| Asus Gt-axe16000 Firmware | <3.0.0.4.386_48786 | |
| Asus Gt-axe16000 | ||
| Asus Rt-ax86u Firmware | <3.0.0.4.386_49447 | |
| ASUS RT-AX86U | ||
| Asus Rt-ax68u Firmware | <3.0.0.4.386_49479 | |
| Asus Rt-ax68u | ||
| Asus Rt-ax82u Firmware | <3.0.0.4.386_49380 | |
| Asus RT-AX82U | ||
| Asus Rt-ax56u Firmware | <3.0.0.4.386_49559 | |
| ASUS RT-AX56U | ||
| Asus Rt-ax55 Firmware | <3.0.0.4.386_49559 | |
| ASUS RT-AX55 | ||
| Asus Gt-ax11000 Firmware | <3.0.0.4.386_49559 | |
| Asus Gt-ax11000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-26376?
CVE-2022-26376 is a memory corruption vulnerability in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.
How severe is CVE-2022-26376?
CVE-2022-26376 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2022-26376?
Asuswrt versions prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen versions prior to 386.7 are affected.
How does CVE-2022-26376 work?
A specially-crafted HTTP request can lead to memory corruption, allowing an attacker to send a network request to exploit the vulnerability.
Is my Asus Xt8 firmware vulnerable to CVE-2022-26376?
No, the Asus Xt8 firmware is not vulnerable to CVE-2022-26376.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/asus
- canonical/asus asuswrt
- vendor/asuswrt-merlin
- canonical/asuswrt-merlin new gen
- canonical/asus xt8 firmware
- canonical/asus xt8
- canonical/asus tuf-ax3000 v2 firmware
- canonical/asus tuf-ax3000 v2
- canonical/asus xd4 firmware
- canonical/asus xd4
- canonical/asus et12 firmware
- canonical/asus et12
- canonical/asus gt-ax6000 firmware
- canonical/asus gt-ax6000
- canonical/asus xt12 firmware
- canonical/asus xt12
- canonical/asus rt-ax58u firmware
- canonical/asus rt-ax58u
- canonical/asus xt9 firmware
- canonical/asus xt9
- canonical/asus xd6 firmware
- canonical/asus xd6
- canonical/asus gt-ax11000 pro firmware
- canonical/asus gt-ax11000 pro
- canonical/asus gt-axe16000 firmware
- canonical/asus gt-axe16000
- canonical/asus rt-ax86u firmware
- canonical/asus rt-ax86u
- canonical/asus rt-ax68u firmware
- canonical/asus rt-ax68u
- canonical/asus rt-ax82u firmware
- canonical/asus rt-ax82u
- canonical/asus rt-ax56u firmware
- canonical/asus rt-ax56u
- canonical/asus rt-ax55 firmware
- canonical/asus rt-ax55
- canonical/asus gt-ax11000 firmware
- canonical/asus gt-ax11000