First published: Fri Jul 21 2023
A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U. It is caused by missing validation of a specific value when cm_processChangedConfigMsg is called in the ccm_processREQ_CHANGED_CONFIG function of the AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution or arbitrary system operations, or to disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Rt-ac86u Firmware | =3.0.0.4_386_51529 | |
ASUS RT-AC86U | | |
Asus Rt-ax56u V2 Firmware | =3.0.0.4.386_50460 | |
ASUS RT-AX56U V2 | | |
RT-AX56U V2: update firmware version to 3.0.0.4_386_51598; RT-AC86U: update firmware version to 3.0.0.4.386_51915.
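To check a device inventory against the versions listed above, the following added example (not part of the advisory or any ASUS tooling) parses firmware strings and classifies each device. It assumes `.` and `_` are interchangeable separators, since the advisory writes versions both ways; the `below-fix` label and the sample inventory are constructed for illustration.

```python
import re

# Version strings below are copied from the advisory text above.
ADVISORY = {
    "RT-AX56U V2": {"affected": "3.0.0.4.386_50460", "fixed": "3.0.0.4_386_51598"},
    "RT-AC86U": {"affected": "3.0.0.4_386_51529", "fixed": "3.0.0.4.386_51915"},
}

def parse_version(text):
    """Turn an ASUS firmware string into a comparable tuple of ints.

    Assumption: '.' and '_' are equivalent separators, because the
    advisory uses both forms for the same numbering scheme.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(?:[._]\d+)+", text):
        raise ValueError(f"unrecognized firmware version: {text!r}")
    return tuple(int(part) for part in re.split(r"[._]", text))

def classify(model, version):
    """Return 'affected', 'fixed', 'below-fix' or 'unknown-model'."""
    entry = ADVISORY.get(" ".join(model.upper().split()))
    if entry is None:
        return "unknown-model"
    current = parse_version(version)
    if current == parse_version(entry["affected"]):
        return "affected"      # exact version named in the advisory
    if current >= parse_version(entry["fixed"]):
        return "fixed"         # at or above the recommended update
    return "below-fix"         # not named in the advisory, but older than the fix

def audit(inventory):
    """Return (host, status) for every device not confirmed on a fixed build."""
    findings = []
    for host, model, version in inventory:
        status = classify(model, version)
        if status != "fixed":
            findings.append((host, status))
    return findings

# Constructed inventory for illustration; hostnames and the 40000 build are made up.
SAMPLE_INVENTORY = [
    ("mesh-node-1", "RT-AX56U V2", "3.0.0.4_386_50460"),
    ("mesh-node-2", "rt-ac86u", "3.0.0.4.386_51915"),
    ("mesh-node-3", "RT-AC86U", "3.0.0.4_386_40000"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Devices reported as `below-fix` are not named in the advisory, so their status is undetermined; the update recommendation still applies to them.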
The vulnerability ID for this format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U is CVE-2023-35087.
The severity level of CVE-2023-35087 is critical.
The ASUS RT-AC86U firmware version 3.0.0.4_386_51529 and ASUS RT-AX56U V2 firmware version 3.0.0.4.386_50460 are affected by CVE-2023-35087.
The vulnerability in ASUS RT-AX56U V2 & RT-AC86U is caused by missing validation of a specific value when cm_processChangedConfigMsg is called in the ccm_processREQ_CHANGED_CONFIG function of the AiMesh system.
An unauthenticated remote attacker can exploit CVE-2023-35087, the format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U.