First published: Mon Sep 18 2023(Updated: )
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.
Credit: twcert@cert.org.tw twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Rt-ax88u Firmware | <3.0.0.4.388.23748 | |
ASUS RT-AX88U |
Update the version to 3.0.0.4_388_23748 or later.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2023-41349.
The severity level of CVE-2023-41349 is high with a CVSS score of 8.8.
The affected software for CVE-2023-41349 is ASUS router RT-AX88U firmware version up to and including 3.0.0.4.388.23748.
An authenticated remote attacker can exploit CVE-2023-41349 by using externally controllable format strings within the Advanced Open VPN function of ASUS router RT-AX88U's firmware.
There is no information available about a fix for CVE-2023-41349 at the moment. It is recommended to follow the official guidance of the software vendor for any updates or patches.