Vulnerability Details CVE-2023-34359
ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-34359
-
cpe:2.3:h:asus:rt-ax88u:-
-
cpe:2.3:o:asus:rt-ax88u_firmware:-
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.4730
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.4736
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5247
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5329
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5640
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5951
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.6210
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42095
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42819
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42820
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.44266
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45375
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45898
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45934
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.46065
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.48631
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.49674
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20499
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20518
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20558
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.22525