Hanpeng

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AX56U (affected versions not specified) **Description** The issue is related to a path traversal vulnerability in the `update json` function due to insufficient filtering for special characters in the URL parameter. This allows an unauthenticated LAN attacker to overwrite a system file by uploading another file with the same file name, resulting in service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AX56U (affected versions not specified) **Description** The issue is related to a path traversal vulnerability in the update PLC/PORT file due to insufficient filtering for special characters in the URL parameter. This allows an unauthenticated LAN attacker to overwrite a system file by uploading another PLC/PORT file with the same file name, resulting in service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AX56U (affected versions not specified) **Description** The issue is related to an SQL injection vulnerability in the SQL handling function due to insufficient user input validation. This allows an unauthenticated LAN attacker to inject arbitrary SQL code, enabling them to read, modify, and delete database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS RT-AX56U (affected versions not specified) **Description** The user profile configuration function of the ASUS RT-AX56U is vulnerable to a stack-based buffer overflow due to insufficient validation for parameter length. This allows an unauthenticated LAN attacker to execute arbitrary code, enabling them to perform arbitrary operations or disrupt service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.