PT-2023-13590 · Asus · Asus Rt-Ax82U
Lilith >_>
·
Published
2023-01-10
·
Updated
2023-06-21
·
CVE-2022-38105
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Asus RT-AX82U version 3.0.0.4.386 49674-ge182230
Description
An information disclosure issue exists in the cm processREQ NC opcode of the router's configuration service. A specially-crafted network packet can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this issue.
Recommendations
For Asus RT-AX82U version 3.0.0.4.386 49674-ge182230, consider restricting access to the configuration service until a patch is available. As a temporary workaround, avoid using the cm processREQ NC opcode in the configuration service to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asus Rt-Ax82U