CVE-2020-36109 - OpenCVE

ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Rt-ax86u Rt-ax86u Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-01T13:14:20

Updated: 2021-02-01T13:14:20

Reserved: 2021-01-04T00:00:00

Link: CVE-2020-36109

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-02-01T14:15:12.303

Modified: 2021-02-05T21:29:03.317

Link: CVE-2020-36109

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "15A658AC-BE51-4BAC-A338-9297FBEEC827", "versionEndExcluding": "9.0.0.4_386", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB28700C-02EB-46D0-9BAD-833CE4790264", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data."}, {"lang": "es", "value": "El firmware del enrutador ASUS RT-AX86U versiones por debajo de 9.0.0.4_386, presenta un desbordamiento del b\u00fafer en la funci\u00f3n block_request.cgi del m\u00f3dulo httpd que puede causar una ejecuci\u00f3n de c\u00f3digo cuando un atacante construye datos maliciosos"}], "id": "CVE-2020-36109", "lastModified": "2021-02-05T21:29:03.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-01T14:15:12.303", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}