First published: Fri Jun 02 2023
A specific CGI function in the ASUS RT-AC86U has a stack-based buffer overflow vulnerability due to insufficient validation of the network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt the system, or terminate services.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
ASUS RT-AC86U Firmware | =3.0.0.4.386.51255 | |
ASUS RT-AC86U | | |
CVE-2023-28703 is a stack-based buffer overflow vulnerability in a specific CGI function of ASUS RT-AC86U firmware version 3.0.0.4.386.51255, which allows remote attackers with administrator privileges to execute arbitrary system commands.
CVE-2023-28703 occurs due to insufficient validation of the network packet header length in a specific CGI function of the ASUS RT-AC86U.
The severity of CVE-2023-28703 is high, with a severity value of 7.2.
ASUS RT-AC86U firmware version 3.0.0.4.386.51255 is affected by CVE-2023-28703.
An attacker with administrator privileges can exploit CVE-2023-28703 by sending malicious network packets to the vulnerable device, allowing them to execute arbitrary system commands.