CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-35086

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.739

EPSS Ranking 98.7%

CVSS Severity

CVSS v3 Score 7.2

References

Products affected by CVE-2023-35086

Asus » Rt-Ac86u » Version: N/A

cpe:2.3:h:asus:rt-ac86u:-
Asus » Rt-Ax56u V2 » Version: N/A

cpe:2.3:h:asus:rt-ax56u_v2:-
Asus » Rt-Ac86u Firmware » Version: 3.0.0.4_386_51529

cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529
Asus » Rt-Ax56u V2 Firmware » Version: 3.0.0.4.386_50460

cpe:2.3:o:asus:rt-ax56u_v2_firmware:3.0.0.4.386_50460

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-35086

Products

Pricing

Contact Us