CVE-2022-26376 - OpenCVE

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Xd6 Firmware Rt-ax86u Gt-ax6000 Firmware Rt-ax58u Firmware Et12 Firmware Rt-ax55 Firmware Rt-ax68u Rt-ax86u Firmware Asuswrt Gt-ax6000 Xt12 Firmware Xt8 Firmware Rt-ax56u Gt-axe16000 Rt-ax82u Gt-axe16000 Firmware Xt9 Rt-ax68u Firmware Rt-ax82u Firmware Xt9 Firmware Xd4 Xd4 Firmware Et12 Rt-ax58u Rt-ax56u Firmware Gt-ax11000 Firmware Gt-ax11000 Pro Firmware Tuf-ax3000 V2 Firmware Rt-ax55 Tuf-ax3000 V2 Xd6 Xt8 Gt-ax11000 Pro Xt12 Gt-ax11000
Asuswrt-merlin	New Gen

Configuration 1 [-]

cpe:2.3:o:asus:asuswrt:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:asuswrt-merlin:new_gen:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:asus:xt8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:xt8:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:asus:tuf-ax3000_v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:tuf-ax3000_v2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:asus:xd4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:xd4:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:asus:et12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:et12:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:asus:gt-ax6000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:gt-ax6000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:asus:xt12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:xt12:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:asus:xt9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:xt9:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:asus:xd6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:xd6:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:asus:gt-ax11000_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:gt-ax11000_pro:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:asus:gt-axe16000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:gt-axe16000:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:asus:rt-ax68u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:asus:rt-ax82u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:asus:rt-ax56u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:asus:gt-ax11000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2022-07-27T00:00:00

Updated: 2022-10-07T00:00:00

Reserved: 2022-04-05T00:00:00

Link: CVE-2022-26376

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-05T22:15:11.143

Modified: 2022-12-02T20:08:05.937

Link: CVE-2022-26376

JSON object: View

Redhat Information

No data.

CWE

CWE-787