Vulnerability Details CVE-2022-23970
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.9%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 4.8
References
Products affected by CVE-2022-23970
-
cpe:2.3:h:asus:rt-ax56u:-
-
cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.45898