PT-2023-4801 · Asus · Asus Rt-Ac86U +2

Published: 2023-07-10 · Updated: 2024-03-28 · CVE-2023-39239

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ASUS RT-AX56U V2 (affected versions not specified)
ASUS RT-AX55 (affected versions not specified)
ASUS RT-AC86U (affected versions not specified)

Description

A format string vulnerability is identified in the General function API of the affected devices. This issue is caused by a lack of validation for a specific value within the apply.cgi module. A remote attacker can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation, or disrupt service. The attacker may need administrator privilege to exploit the vulnerability, although some sources suggest it can be exploited without privilege.

Recommendations

For ASUS RT-AX56U V2, consider disabling the apply.cgi module until a patch is available. For ASUS RT-AX55 and ASUS RT-AC86U, restrict access to the General function API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

BDU:2023-05252
CVE-2023-39239

Affected Products

Asus Rt-Ac86U
Asus Rt-Ax55
Asus Rt-Ax56U V2