CVE-2023-28702: OS Command Injection
First published: Fri Jun 02 2023(Updated: )
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Rt-ac86u Firmware | =3.0.0.4.386.51255 | |
| ASUS RT-AC86U |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this ASUS RT-AC86U vulnerability?
The vulnerability ID for this ASUS RT-AC86U vulnerability is CVE-2023-28702.
What is the severity level of CVE-2023-28702?
The severity level of CVE-2023-28702 is high, with a severity value of 8.8.
How can this vulnerability be exploited?
This vulnerability can be exploited by a remote attacker with normal user privileges to perform command injection attacks and execute arbitrary system commands.
How does CVE-2023-28702 impact the affected software?
CVE-2023-28702 allows attackers to disrupt the system, terminate services, and execute arbitrary system commands in the affected ASUS RT-AC86U firmware version 3.0.0.4.386.51255.
Is there a fix available for CVE-2023-28702?
To mitigate CVE-2023-28702, update the ASUS RT-AC86U firmware to the latest version provided by ASUS.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/nvd-latest
- vendor/asus
- canonical/asus rt-ac86u firmware
- version/asus rt-ac86u firmware/3.0.0.4.386.51255
- canonical/asus rt-ac86u