CVE-2023-38033: ASUS RT-AC86U - Command injection vulnerability - 3
First published: Thu Sep 07 2023(Updated: )
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
Credit: twcert@cert.org.tw twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Rt-ac86u Firmware | =3.0.0.4_386_51529 | |
| ASUS RT-AC86U |
Remedy
Update to 3.0.0.4.386_51915
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-38033.
What is the severity of CVE-2023-38033?
The severity of CVE-2023-38033 is high.
How does CVE-2023-38033 affect ASUS RT-AC86U firmware version 3.0.0.4_386_51529?
CVE-2023-38033 affects ASUS RT-AC86U firmware version 3.0.0.4_386_51529 by allowing a remote attacker with regular user privilege to perform command injection attacks.
How can CVE-2023-38033 be exploited?
CVE-2023-38033 can be exploited by a remote attacker with regular user privilege to perform command injection attacks and execute arbitrary commands.
Is ASUS RT-AC86U vulnerable to CVE-2023-38033?
No, ASUS RT-AC86U is not vulnerable to CVE-2023-38033.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/asus
- canonical/asus rt-ac86u firmware
- version/asus rt-ac86u firmware/3.0.0.4_386_51529
- canonical/asus rt-ac86u