CVE-2022-26376
First published: Fri Aug 05 2022(Updated: )
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asuswrt-Merlin | <3.0.0.4.386_48706 | |
| Asuswrt-Merlin | <386.7 | |
| Asus ZenWiFi AX (XT8) firmware | <3.0.0.4.386_48706 | |
| Asus ZenWiFi XT8 | ||
| ASUS TUF Gaming AX3000 | <3.0.0.4.386_48750 | |
| ASUS TUF Gaming AX3000 V2 | ||
| Asus XD4 Firmware | <3.0.0.4.386_48790 | |
| Asus xd4 firmware | ||
| Asus ET12 | <3.0.0.4.386_48823 | |
| Asus ET12 | ||
| Asus GT-AX6000 | <3.0.0.4.386_48823 | |
| Asus GT-AX6000 Firmware | ||
| Asus XT12 Firmware | <3.0.0.4.386_48823 | |
| Asus XT12 Firmware | ||
| ASUS RT-AX58U Firmware | <3.0.0.4.386_48908 | |
| ASUS RT-AX58U Firmware | ||
| Asus XT9 | <3.0.0.4.388_20027 | |
| Asus XT9 Firmware | ||
| Asus XD6 | <3.0.0.4.386_49356 | |
| Asus XD6 Firmware | ||
| Asus GT-AX11000 Pro | <3.0.0.4.386_48996 | |
| ASUS ROG Rapture GT-AX11000 | ||
| Asus GT-AXE16000 Firmware | <3.0.0.4.386_48786 | |
| Asus GT-AXE16000 Firmware | ||
| ASUS RT-AX86U ZAKU II EDITION firmware | <3.0.0.4.386_49447 | |
| ASUS RT-AX86 | ||
| ASUS RT-AX68U | <3.0.0.4.386_49479 | |
| ASUS RT-AX68U Firmware | ||
| Asus RT-AX82U firmware | <3.0.0.4.386_49380 | |
| Asus RT-AX82U firmware | ||
| ASUS RT-AX56U V2 firmware | <3.0.0.4.386_49559 | |
| ASUS RT-AX56U firmware | ||
| ASUS RT-AX55 Firmware | <3.0.0.4.386_49559 | |
| ASUS routers | ||
| ASUS ROG Rapture GT-AX11000 Firmware | <3.0.0.4.386_49559 | |
| ASUS GT-AX11000 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-26376?
CVE-2022-26376 is a memory corruption vulnerability in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.
How severe is CVE-2022-26376?
CVE-2022-26376 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2022-26376?
Asuswrt versions prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen versions prior to 386.7 are affected.
How does CVE-2022-26376 work?
A specially-crafted HTTP request can lead to memory corruption, allowing an attacker to send a network request to exploit the vulnerability.
Is my Asus Xt8 firmware vulnerable to CVE-2022-26376?
No, the Asus Xt8 firmware is not vulnerable to CVE-2022-26376.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/asus
- canonical/asuswrt-merlin
- vendor/asuswrt-merlin
- canonical/asus zenwifi ax (xt8) firmware
- canonical/asus zenwifi xt8
- canonical/asus tuf gaming ax3000
- canonical/asus tuf gaming ax3000 v2
- canonical/asus xd4 firmware
- canonical/asus et12
- canonical/asus gt-ax6000
- canonical/asus gt-ax6000 firmware
- canonical/asus xt12 firmware
- canonical/asus rt-ax58u firmware
- canonical/asus xt9
- canonical/asus xt9 firmware
- canonical/asus xd6
- canonical/asus xd6 firmware
- canonical/asus gt-ax11000 pro
- canonical/asus rog rapture gt-ax11000
- canonical/asus gt-axe16000 firmware
- canonical/asus rt-ax86u zaku ii edition firmware
- canonical/asus rt-ax86
- canonical/asus rt-ax68u
- canonical/asus rt-ax68u firmware
- canonical/asus rt-ax82u firmware
- canonical/asus rt-ax56u v2 firmware
- canonical/asus rt-ax56u firmware
- canonical/asus rt-ax55 firmware
- canonical/asus routers
- canonical/asus rog rapture gt-ax11000 firmware
- canonical/asus gt-ax11000 firmware