It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2023-07-21T07:11:03.792Z
Updated: 2023-07-21T07:11:03.792Z
Reserved: 2023-06-13T10:19:24.131Z
Link: CVE-2023-35087
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-21T08:15:09.900
Modified: 2023-08-03T18:43:53.560
Link: CVE-2023-35087
JSON object: View
Redhat Information
No data.
CWE