First published: Fri Aug 05 2022(Updated: )
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Asus asuswrt | <3.0.0.4.386_48706 | |
Asuswrt-Merlin New Gen | <386.7 | |
Asus Xt8 Firmware | <3.0.0.4.386_48706 | |
Asus Xt8 | ||
Asus Tuf-ax3000 V2 Firmware | <3.0.0.4.386_48750 | |
Asus Tuf-ax3000 V2 | ||
Asus Xd4 Firmware | <3.0.0.4.386_48790 | |
Asus Xd4 | ||
Asus Et12 Firmware | <3.0.0.4.386_48823 | |
Asus Et12 | ||
Asus Gt-ax6000 Firmware | <3.0.0.4.386_48823 | |
Asus Gt-ax6000 | ||
Asus Xt12 Firmware | <3.0.0.4.386_48823 | |
Asus Xt12 | ||
Asus Rt-ax58u Firmware | <3.0.0.4.386_48908 | |
Asus Rt-ax58u | ||
Asus Xt9 Firmware | <3.0.0.4.388_20027 | |
Asus Xt9 | ||
Asus Xd6 Firmware | <3.0.0.4.386_49356 | |
Asus Xd6 | ||
Asus Gt-ax11000 Pro Firmware | <3.0.0.4.386_48996 | |
Asus Gt-ax11000 Pro | ||
Asus Gt-axe16000 Firmware | <3.0.0.4.386_48786 | |
Asus Gt-axe16000 | ||
Asus Rt-ax86u Firmware | <3.0.0.4.386_49447 | |
ASUS RT-AX86U | ||
Asus Rt-ax68u Firmware | <3.0.0.4.386_49479 | |
Asus Rt-ax68u | ||
Asus Rt-ax82u Firmware | <3.0.0.4.386_49380 | |
Asus RT-AX82U | ||
Asus Rt-ax56u Firmware | <3.0.0.4.386_49559 | |
ASUS RT-AX56U | ||
Asus Rt-ax55 Firmware | <3.0.0.4.386_49559 | |
ASUS RT-AX55 | ||
Asus Gt-ax11000 Firmware | <3.0.0.4.386_49559 | |
Asus Gt-ax11000 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-26376 is a memory corruption vulnerability in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.
CVE-2022-26376 has a severity rating of 9.8 (critical).
Asuswrt versions prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen versions prior to 386.7 are affected.
A specially-crafted HTTP request can lead to memory corruption, allowing an attacker to send a network request to exploit the vulnerability.
No, the Asus Xt8 firmware is not vulnerable to CVE-2022-26376.