PT-2022-6671 · Asus · Asuswrt

Francesco Benvenuto · Published 2022-08-05 · Updated 2025-06-12 · CVE-2022-26376

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Asuswrt versions prior to 3.0.0.4.386 48706
Asuswrt-Merlin New Gen versions prior to 386.7

Description

A memory corruption issue exists in the httpd unescape functionality. It can be triggered by a specially-crafted HTTP request, which an attacker can deliver by sending a network request.

Recommendations

For Asuswrt versions prior to 3.0.0.4.386 48706, update to version 3.0.0.4.386 48706 or later.
For Asuswrt-Merlin New Gen versions prior to 386.7, update to version 386.7 or later.
As a temporary workaround, consider restricting access to the httpd unescape functionality until a patch is available.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-03303
CVE-2022-26376

Affected Products

Asuswrt