ASUS RT-AC86U Firmware 3.0.0.4 386 51529

CPE Details

ASUS RT-AC86U Firmware 3.0.0.4 386 51529
asus
rt-ac86u_firmware
3.0.0.4_386_51529
2023-08-01
12h19 +00:00
2023-08-15
11h39 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*

Informations

Vendor

asus

Product

rt-ac86u_firmware

Version

3.0.0.4_386_51529

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-39240 2023-09-07 07h25 +00:00 It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
7.2
High
CVE-2023-39239 2023-09-07 07h18 +00:00 It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
7.2
High
CVE-2023-39238 2023-09-07 07h10 +00:00 It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
7.2
High
CVE-2023-39237 2023-09-07 06h53 +00:00 ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
8.8
High
CVE-2023-39236 2023-09-07 06h49 +00:00 ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
8.8
High
CVE-2023-38033 2023-09-07 06h42 +00:00 ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
8.8
High
CVE-2023-38032 2023-09-07 06h30 +00:00 ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
8.8
High
CVE-2023-38031 2023-09-07 03h24 +00:00 ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
8.8
High
CVE-2023-35087 2023-07-21 07h11 +00:00 It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
9.8
Critical
CVE-2023-35086 2023-07-21 06h32 +00:00 It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
7.2
High
CVE-2021-3128 2021-04-12 15h41 +00:00 In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.