CVE-2023-35087

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

Published: Jul 21, 2023
Updated: Jul 22, 2023
CVE: CVE-2023-35087
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
asus / rt-ac86u_firmware	3.0.0.4_386_51529	3.0.0.4_386_51529.x
asus / rt-ax56u_v2_firmware	3.0.0.4.386_50460	3.0.0.4.386_50460.x

https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html

Vulnerability Database

289,871

CVE-2023-35087