-
-
Save viktoredstrom/cd2580fb0e93e47133b2998553b0a52f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Suggested description] | |
| Buffer overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine function due to improper length validation for the cookie field. | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| Buffer overflow | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| ASUS | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| Product: RT-AX88U | |
| Version: Affected at 3.0.0.4.388_24198 | |
| ------------------------------------------ | |
| [Affected Component] | |
| Affected executable: lighttpd | |
| ------------------------------------------ | |
| [Attack Type] | |
| Remote | |
| ------------------------------------------ | |
| [Impact Code execution] | |
| True | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| To exploit the vulnerability the attacker needs to be able to access the routers web server, usually by being on the same local area network. | |
| ------------------------------------------ | |
| [Reference] | |
| https://www.asus.com/content/asus-product-security-advisory/ | |
| ------------------------------------------ | |
| [Has vendor confirmed or acknowledged the vulnerability?] | |
| True | |
| ------------------------------------------ | |
| [Discoverer] | |
| Viktor Edström |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment