PT-2023-4771 · Asus · Asus Rt-Ax56U V2

Published 2023-09-05 · Updated 2024-03-28 · CVE-2023-39238

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX56U V2

Description: A format string vulnerability has been identified in the set_iperf3_svr.cgi module of ASUS RT-AX56U V2, caused by a lack of validation for a specific value within this module. A remote attacker with administrator privileges can exploit this vulnerability to perform remote arbitrary code execution, perform arbitrary system operations, or disrupt service. Approximately 207,123 devices are potentially affected, mainly distributed in China, the Republic of Korea, and other countries.

Recommendations: For ASUS RT-AX56U V2, as a temporary workaround, consider disabling the set_iperf3_svr.cgi module until a patch is available. Restrict access to this module to minimize the risk of exploitation. Avoid using the vulnerable function within this module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

BDU:2023-05218
CVE-2023-39238

Affected Products

Asus Rt-Ax56U V2