Vulnerability Details CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.7%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2022-26376
-
cpe:2.3:h:asus:et12:-
-
cpe:2.3:h:asus:gt-ax11000:-
-
cpe:2.3:h:asus:gt-ax11000_pro:-
-
cpe:2.3:h:asus:gt-ax6000:-
-
cpe:2.3:h:asus:gt-axe16000:-
-
cpe:2.3:h:asus:rt-ax55:-
-
cpe:2.3:h:asus:rt-ax56u:-
-
cpe:2.3:h:asus:rt-ax58u:-
-
cpe:2.3:h:asus:rt-ax68u:-
-
cpe:2.3:h:asus:rt-ax82u:-
-
cpe:2.3:h:asus:rt-ax86u:-
-
cpe:2.3:h:asus:tuf-ax3000_v2:-
-
cpe:2.3:h:asus:xd4:-
-
cpe:2.3:h:asus:xd6:-
-
cpe:2.3:h:asus:xt12:-
-
cpe:2.3:h:asus:xt8:-
-
cpe:2.3:h:asus:xt9:-
-
cpe:2.3:o:asus:asuswrt:-
-
cpe:2.3:o:asus:asuswrt:3.0.0.4.378
-
cpe:2.3:o:asus:asuswrt:3.0.0.4.380.7743
-
cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308
-
cpe:2.3:o:asus:asuswrt:3.0.0.4.384_10007
-
cpe:2.3:o:asus:et12_firmware:-
-
cpe:2.3:o:asus:gt-ax11000_firmware:-
-
cpe:2.3:o:asus:gt-ax11000_firmware:3.0.0.4.386.45898
-
cpe:2.3:o:asus:gt-ax11000_pro_firmware:-
-
cpe:2.3:o:asus:gt-ax6000_firmware:-
-
cpe:2.3:o:asus:gt-axe16000_firmware:-
-
cpe:2.3:o:asus:rt-ax55_firmware:-
-
cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386.51598
-
cpe:2.3:o:asus:rt-ax56u_firmware:-
-
cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.44266
-
cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.45898
-
cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:rt-ax58u_firmware:-
-
cpe:2.3:o:asus:rt-ax58u_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:rt-ax68u_firmware:-
-
cpe:2.3:o:asus:rt-ax68u_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:rt-ax82u_firmware:-
-
cpe:2.3:o:asus:rt-ax82u_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:rt-ax86u_firmware:-
-
cpe:2.3:o:asus:rt-ax86u_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:tuf-ax3000_v2_firmware:-
-
cpe:2.3:o:asus:xd4_firmware:-
-
cpe:2.3:o:asus:xd6_firmware:-
-
cpe:2.3:o:asus:xt12_firmware:-
-
cpe:2.3:o:asus:xt8_firmware:-
-
cpe:2.3:o:asus:xt9_firmware:-
-
cpe:2.3:o:asuswrt-merlin:new_gen:-