CWE
787
Advisory Published
Updated

CVE-2022-26376

First published: Fri Aug 05 2022(Updated: )

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

Credit: talos-cna@cisco.com

Affected SoftwareAffected VersionHow to fix
Asus asuswrt<3.0.0.4.386_48706
Asuswrt-Merlin New Gen<386.7
Asus Xt8 Firmware<3.0.0.4.386_48706
Asus Xt8
Asus Tuf-ax3000 V2 Firmware<3.0.0.4.386_48750
Asus Tuf-ax3000 V2
Asus Xd4 Firmware<3.0.0.4.386_48790
Asus Xd4
Asus Et12 Firmware<3.0.0.4.386_48823
Asus Et12
Asus Gt-ax6000 Firmware<3.0.0.4.386_48823
Asus Gt-ax6000
Asus Xt12 Firmware<3.0.0.4.386_48823
Asus Xt12
Asus Rt-ax58u Firmware<3.0.0.4.386_48908
Asus Rt-ax58u
Asus Xt9 Firmware<3.0.0.4.388_20027
Asus Xt9
Asus Xd6 Firmware<3.0.0.4.386_49356
Asus Xd6
Asus Gt-ax11000 Pro Firmware<3.0.0.4.386_48996
Asus Gt-ax11000 Pro
Asus Gt-axe16000 Firmware<3.0.0.4.386_48786
Asus Gt-axe16000
Asus Rt-ax86u Firmware<3.0.0.4.386_49447
ASUS RT-AX86U
Asus Rt-ax68u Firmware<3.0.0.4.386_49479
Asus Rt-ax68u
Asus Rt-ax82u Firmware<3.0.0.4.386_49380
Asus RT-AX82U
Asus Rt-ax56u Firmware<3.0.0.4.386_49559
ASUS RT-AX56U
Asus Rt-ax55 Firmware<3.0.0.4.386_49559
ASUS RT-AX55
Asus Gt-ax11000 Firmware<3.0.0.4.386_49559
Asus Gt-ax11000

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-26376?

    CVE-2022-26376 is a memory corruption vulnerability in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.

  • How severe is CVE-2022-26376?

    CVE-2022-26376 has a severity rating of 9.8 (critical).

  • Which software versions are affected by CVE-2022-26376?

    Asuswrt versions prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen versions prior to 386.7 are affected.

  • How does CVE-2022-26376 work?

    A specially-crafted HTTP request can lead to memory corruption, allowing an attacker to send a network request to exploit the vulnerability.

  • Is my Asus Xt8 firmware vulnerable to CVE-2022-26376?

    No, the Asus Xt8 firmware is not vulnerable to CVE-2022-26376.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203