Skip to main content

Rt Ax55 Firmware CVE-2023-41345

HIGH
OS Command Injection (CWE-78)
2023-11-03 twcert@cert.org.tw
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 03, 2023 - 05:15 nvd
HIGH 8.8

DescriptionNVD

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.

AnalysisAI

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. Affected products include: Asus Rt-Ax55 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2022-26376 CRITICAL POC
9.8 Aug 05

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and A

CVE-2023-39780 HIGH POC
8.8 Sep 11

On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply

CVE-2021-41435 CRITICAL
9.8 Nov 19

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-A

CVE-2023-41348 HIGH
8.8 Nov 03

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters withi

CVE-2023-41347 HIGH
8.8 Nov 03

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters withi

CVE-2023-41346 HIGH
8.8 Nov 03

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters withi

CVE-2021-41436 HIGH
7.5 Nov 19

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2,

CVE-2021-3128 HIGH
7.5 Apr 12

In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386

CVE-2023-39240 HIGH
7.2 Sep 07

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. Rated high severity (CVS

CVE-2023-39239 HIGH
7.2 Sep 07

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. Rated high severity (CVSS 7.2

CVE-2023-39238 HIGH
7.2 Sep 07

It is identified a format string vulnerability in ASUS RT-AX56U V2. Rated high severity (CVSS 7.2), this vulnerability i

CVE-2021-37910 MEDIUM
5.3 Nov 12

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerabi

Share

CVE-2023-41345 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy