Vulnerability Details CVE-2023-41349
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.6%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-41349
-
cpe:2.3:h:asus:rt-ax88u:-
-
cpe:2.3:o:asus:rt-ax88u_firmware:-
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.4730
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.4736
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5247
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5329
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5640
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5951
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.6210
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42095
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42819
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42820
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.44266
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45375
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45898
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45934
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.46065
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.48631
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.49674
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20499
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20518
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20558
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.22525