First published: Fri Jun 02 2023(Updated: )
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Rt-ac86u Firmware | =3.0.0.4.386.51255 | |
ASUS RT-AC86U |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this ASUS RT-AC86U vulnerability is CVE-2023-28702.
The severity level of CVE-2023-28702 is high, with a severity value of 8.8.
This vulnerability can be exploited by a remote attacker with normal user privileges to perform command injection attacks and execute arbitrary system commands.
CVE-2023-28702 allows attackers to disrupt the system, terminate services, and execute arbitrary system commands in the affected ASUS RT-AC86U firmware version 3.0.0.4.386.51255.
To mitigate CVE-2023-28702, update the ASUS RT-AC86U firmware to the latest version provided by ASUS.