PT-2022-6315 · Asus · Asus Rt-Ax82U

Lilith >_> · Published 2022-08-01 · Updated 2024-10-07 · CVE-2022-35401

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Asus RT-AX82U version 3.0.0.4.386 49674-ge182230

Description: An authentication bypass issue exists in the get_IFTTTTtoken.cgi functionality, allowing a specially-crafted HTTP request to lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this issue. The vulnerability can be exploited by a remote attacker, potentially compromising the system.

Recommendations: For Asus RT-AX82U version 3.0.0.4.386 49674-ge182230, as a temporary workaround, consider disabling the get_IFTTTTtoken.cgi functionality until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the vulnerable functionality in the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration: Improper Authentication

Related Identifiers: BDU:2023-00829, CVE-2022-35401

Affected Products: Asus Rt-Ax82U